From: lionce Date: Thu, 14 Nov 2019 15:46:17 +0000 (+0200) Subject: update Readme X-Git-Tag: v2.2.0~4^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=a33654a66fcf0019da9f89636c41a2782431d54d;p=puppet-modules%2Fpuppetlabs-firewall.git update Readme --- diff --git a/README.md b/README.md index 5276ca9..d8ce853 100644 --- a/README.md +++ b/README.md 
@@ -142,6 +142,29 @@ Rules are persisted automatically between reboots, although there are known issu } ~~~ + Internal chains can not be deleted. In order to avoid all the confusing Warning/Notice messages when using purge => true, like these ones: + + Notice: Compiled catalog for blonde-height.delivery.puppetlabs.net in environment production in 0.05 seconds + Warning: Firewallchain[INPUT:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain INPUT:mangle:IPv4 + Notice: /Stage[main]/Main/Firewallchain[INPUT:mangle:IPv4]/ensure: removed + Warning: Firewallchain[FORWARD:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain FORWARD:mangle:IPv4 + Notice: /Stage[main]/Main/Firewallchain[FORWARD:mangle:IPv4]/ensure: removed + Warning: Firewallchain[OUTPUT:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain OUTPUT:mangle:IPv4 + Notice: /Stage[main]/Main/Firewallchain[OUTPUT:mangle:IPv4]/ensure: removed + Warning: Firewallchain[POSTROUTING:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain POSTROUTING:mangle:IPv4 + Notice: /Stage[main]/Main/Firewallchain[POSTROUTING:mangle:IPv4]/ensure: removed + + Please create firewallchains for every internal chain. Here is an example: + + ~~~ puppet + firewallchain { 'POSTROUTING:mangle:IPv6': + ensure => present, + } + resources { 'firewallchain': + purge => true, + } + ~~~ + **Note** - If there are unmanaged rules in unmanaged chains, it will take two Puppet runs for the firewall chain to be purged. This is different than the `purge` parameter available in `firewallchain`. 2. Use the following code to set up the default parameters for all of the firewall rules that you will establish later. These defaults will ensure that the `pre` and `post` classes are run in the correct order and avoid locking you out of your box during the first Puppet run.
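Review bot: The example in the added README text declares `POSTROUTING:mangle:IPv6`, but every warning quoted just above it concerns an IPv4 mangle chain (`INPUT:mangle:IPv4`, `FORWARD:mangle:IPv4`, `OUTPUT:mangle:IPv4`, `POSTROUTING:mangle:IPv4`), so the example as written does not address any of the messages it is meant to silence. Suggest using one of the chains from the quoted log, for instance `firewallchain { 'INPUT:mangle:IPv4': ensure => present, }`, and stating that one such resource is needed for each internal chain, since the text says "every internal chain" while the example shows only one. The opening sentence is also a fragment ("In order to avoid ... like these ones:") that is only completed by "Please create firewallchains" after the log excerpt; joining the two, for example "To avoid warnings such as the following when using `purge => true`, declare a `firewallchain` for every internal chain", and writing "cannot" for "can not" would read more cleanly. Finally, the new block is inserted between the preceding example and the existing **Note** about unmanaged rules in unmanaged chains, so that note, which says it is "different than the `purge` parameter available in `firewallchain`", now directly follows an example that purges `firewallchain` resources; consider moving the new text after the note.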