puppetlabs-firewall

Unable to parse calico rules on AlmaLinux 9.0

Open X-Siro opened this issue 3 years ago • 3 comments

Describe the error

Writes errors to the console when applying a directory.

Expected behavior

No errors

Playback actions

Run Puppet on a Kubernetes node under AlmaLinux 9.0 with CNI Calico

Environment

  • OS: AlmaLinux 9.0
  • firewall module v3.5.0
  • Calico v3.19.0
  • iptables v1.8.7 (nf_tables)

Additional context

Error log:

Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:mPIOOWmbH3iO0R90" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP
Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:mPIOOWmbH3iO0R90" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP
Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:mPIOOWmbH3iO0R90" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP

X-Siro Jul 25 '22 16:07

I can confirm this also happens on RHEL 8.6 with calico. We are still using version 3.4.0 of the module, but I doubt upgrading it will fix the issue.

GertjanBijl Aug 16 '22 15:08

I can also confirm this is happening on Ubuntu 18 till 22 LTS versions too. I've tried version 3.4.0, 3.5.0 and 3.6.0 of this module.

Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:fSSbGND7dgyemWU7" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP

jpveldhuizen Oct 23 '22 16:10

We are also running Ubuntu 18 & 20, and have also hit the same issue. We get the same error message as @jpveldhuizen.

I would say this bug affects most sites which use Kubernetes and Ubuntu 18+ or RHEL derivatives.

stefanlasiewski Jun 27 '23 00:06
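
A triage helper for the warning quoted throughout this thread, added here as an example and not code from the puppetlabs-firewall module: it collapses repeated "Skipping unparsable iptables rule" lines into one entry per distinct rule, with the chain, match modules and target, so it is clear which rules the provider skipped. The sample log is constructed from the lines quoted above plus an assumed `Notice` line; `skipped_rules` and `describe_rule` are hypothetical names.

```ruby
require 'shellwords'

# Constructed sample: the warnings quoted in this thread (one copy carries the
# zero-width spaces that pasted logs can pick up) plus one unrelated line.
SAMPLE_LOG = <<~LOG
  Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:mPIOOWmbH3iO0R90" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP
  Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values \u200B\u200B(6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:mPIOOWmbH3iO0R90" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP
  Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:mPIOOWmbH3iO0R90" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP
  Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (6) count mismatch on line: -A cali-PREROUTING -m comment --comment "cali:fSSbGND7dgyemWU7" -m mark --mark 0x40000/0x40000 -m rpfilter --validmark --invert -j DROP
  Notice: Applied catalog in 4.21 seconds
LOG

# Warning format as it appears in the log lines quoted in this issue.
SKIP_RE = /Skipping unparsable iptables rule: keys \((\d+)\) and values \((\d+)\) count mismatch on line: (.+)$/

# Break one iptables-save style rule into the parts useful for triage.
def describe_rule(rule)
  tokens = Shellwords.split(rule) # keeps the quoted --comment value as one token
  after = ->(flag) { (i = tokens.index(flag)) && tokens[i + 1] }
  { chain: after.call('-A'), target: after.call('-j'),
    matches: tokens.each_cons(2).select { |flag, _| flag == '-m' }.map(&:last) }
end

# Return one hash per distinct skipped rule, in first-seen order.
def skipped_rules(log)
  seen = Hash.new(0)
  log.each_line do |line|
    m = SKIP_RE.match(line.delete("\u200B")) # drop zero-width spaces first
    next unless m
    seen[[m[3].strip, m[1].to_i, m[2].to_i]] += 1
  end
  seen.map do |(rule, keys, values), count|
    describe_rule(rule).merge(rule: rule, keys: keys, values: values, seen: count)
  end
end

skipped_rules(SAMPLE_LOG).each do |r|
  puts "#{r[:seen]}x chain=#{r[:chain]} target=#{r[:target]} " \
       "matches=#{r[:matches].join(',')} (keys #{r[:keys]}, values #{r[:values]})"
end
```

Feeding it saved agent output from several nodes shows whether every skipped rule shares the same match modules or whether other rule shapes are affected as well.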