Destination/Source accepts array but only use the first element

[elfranne]

For example:

firewall { '200 http https':
  dport       => [80, 443],
  proto       => 'tcp',
  destination => ['1.2.3.4', '2.3.4.5'],
  action      => 'accept'
}

Puppet will only include the first IP in the firewall rule. There is no error or warning.

If you want to add multiple IP in a single firewall rule with Puppet you can use the ipset module:

ipset::set { 'web':
  set    => ['1.2.3.4', '2.3.4.5'],
}
firewall { '200 http https':
  dport   => [80, 443],
  proto   => 'tcp',
  ipset   => 'web dst',
  action  => 'accept'
  require => Ipset::Set['web'],
}

[github-actions]

Hello! 👋

This issue has been open for a while and has had no recent activity. We've labelled it with attention-needed so that we can get a clear view of which issues need our attention.

If you are waiting on a response from us we will try and address your comments on a future Community Day.

Alternatively, if it is no longer relevant to you please close the issue with a comment.

[LukasAud]

Hey @elfranne, it looks like there is some mention of this behaviour in our documentation. It also contains another alternative to allow for multiple destination/source IP addresses via the use of another module. The forge link also seems to contain some context as to why the module behaves this way.

We do, however, agree that it might be wise to warn users when they try to use a feature this way. We will be adding this work to our backlog. Thanks for bringing this to our attention.