Commit
firewalld_zone: Fix failure creating new zone
Possibly due to a change in recent firewalld versions, creating a new zone fails with:

> Debug: Firewalld_zone[test3](provider=firewall_cmd): Creating new zone test3 with target: ''
> Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value
> Debug: Executing: '/usr/sbin/firewall-cmd --state'
> Debug: Executing: '/usr/sbin/firewall-offline-cmd --new-zone test3'
> Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value
> Debug: Executing: '/usr/sbin/firewall-cmd --state'
> Debug: Executing: '/usr/sbin/firewall-offline-cmd --zone test3 --list-interfaces'
> Debug: Firewalld_zone[test3](provider=firewall_cmd): removing icmp block inversion for zone test3
> Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value
> Debug: Executing: '/usr/sbin/firewall-cmd --state'
> Debug: Executing: '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion'
> Error: Execution of '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion' returned 12:
> Error: /Stage[main]/Main/Firewalld_zone[test3]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion' returned 12:

which seems to be because ICMP block inversion is unset by default:

```
> /usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion
NOT_ENABLED: icmp-block-inversion
> echo $?
12
```

Only manage `icmp_block_inversion` property on new zones if set to `true`.
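
The failure and the fix described in the commit message above, reproduced as an added example that is not part of the commit or of the puppet-firewalld code base. `FakeOfflineCmd`, `CommandFailed` and the three helper methods are hypothetical names; the fake models only the exit-12 behaviour shown in the log.

```ruby
# Constructed model for illustration; not the puppet-firewalld provider code.
class CommandFailed < StandardError; end

# Imitates only what the log shows: removing icmp-block-inversion from a
# zone where it is not set exits 12 (NOT_ENABLED).
class FakeOfflineCmd
  attr_reader :calls

  def initialize
    @inversion = {} # zone name => icmp-block-inversion enabled?
    @calls = []
  end

  def run(*args)
    @calls << args.join(' ')
    if args[0] == '--new-zone'
      @inversion[args[1]] = false # unset by default on a new zone
    elsif args[2] == '--add-icmp-block-inversion'
      @inversion[args[1]] = true
    elsif args[2] == '--remove-icmp-block-inversion'
      raise CommandFailed, 'returned 12: NOT_ENABLED' unless @inversion[args[1]]
      @inversion[args[1]] = false
    end
  end

  def inversion?(zone)
    @inversion.fetch(zone)
  end
end

# Behaviour seen in the log: the property is always synced on creation.
def create_always_managing(cmd, zone, inversion)
  cmd.run('--new-zone', zone)
  flag = inversion ? 'add' : 'remove'
  cmd.run('--zone', zone, "--#{flag}-icmp-block-inversion")
end

# Behaviour described by the commit: touch the property only when true.
def create_managing_only_when_true(cmd, zone, inversion)
  cmd.run('--new-zone', zone)
  cmd.run('--zone', zone, '--add-icmp-block-inversion') if inversion == true
end

# True when the always-managing path aborts zone creation.
def creation_fails?(zone, inversion)
  create_always_managing(FakeOfflineCmd.new, zone, inversion)
  false
rescue CommandFailed
  true
end
```

A regression test for the real provider would assert the same thing against its stubbed command executor: no `--remove-icmp-block-inversion` call is issued while creating a zone.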