{"host": "ms-be2068.codfw.wmnet", "state": "diff", "description": "Differences to Puppet defined resources", "diff": {"full": {"total": 3184, "only_in_self": [], "only_in_other": ["Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[swift-rsync]"], "resource_diffs": [{"resource": "Nftables::Service[full-monitoring-metrics-access-tcp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-tcp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-tcp]\n\n+    notrack             => False\n+    desc                => \n+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    port_range          => [1, 65535]\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n+    notrack             => False\n+    port                => 22\n+    desc                => \n+    src_ips             => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[swift-rsync]", "parameters": "--- Nftables::Service[swift-rsync].orig\n+++ Nftables::Service[swift-rsync]\n\n+    notrack             => True\n+    port                => 873\n+    desc                => \n+    src_ips             => ['10.192.0.123', '10.192.11.21', '10.192.13.22', '10.192.13.26', '10.192.15.24', '10.192.16.52', '10.192.21.18', '10.192.23.15', '10.192.23.27', '10.192.26.21', '10.192.26.9', '10.192.28.22', '10.192.28.23', '10.192.28.25', '10.192.31.22', '10.192.31.8', '10.192.37.18', '10.192.37.21', '10.192.37.23', '10.192.39.11', '10.192.39.19', '10.192.40.26', '10.192.42.19', '10.192.42.20', '10.192.42.7', '10.192.46.6', '10.192.47.7', '10.192.56.5', '10.192.57.8', '10.192.58.8', '10.192.59.9', '10.192.6.12', '10.192.6.23', '10.192.6.24', '10.192.9.13', '10.64.0.112', '10.64.0.114', '10.64.0.169', '10.64.0.53', '10.64.0.71', '10.64.130.4', '10.64.131.2', '10.64.131.27', '10.64.132.24', '10.64.133.10', '10.64.133.13', '10.64.134.3', '10.64.135.2', '10.64.135.26', '10.64.136.21', '10.64.141.5', '10.64.152.3', '10.64.154.2', '10.64.156.14', '10.64.156.2', '10.64.16.135', '10.64.16.26', '10.64.16.79', '10.64.16.96', '10.64.160.3', '10.64.162.15', '10.64.162.2', '10.64.164.2', '10.64.175.12', '10.64.179.9', '10.64.185.6', '10.64.187.7', '10.64.32.117', '10.64.48.96', '2620:0:860:101:10:192:0:123', '2620:0:860:102:10:192:16:52', '2620:0:860:105:10:192:26:21', '2620:0:860:105:10:192:26:9', '2620:0:860:107:10:192:6:12', '2620:0:860:107:10:192:6:23', '2620:0:860:107:10:192:6:24', '2620:0:860:10a:10:192:9:13', '2620:0:860:10c:10:192:11:21', '2620:0:860:10e:10:192:13:22', '2620:0:860:10e:10:192:13:26', '2620:0:860:110:10:192:15:24', '2620:0:860:111:10:192:21:18', '2620:0:860:113:10:192:23:15', '2620:0:860:113:10:192:23:27', '2620:0:860:115:10:192:28:22', '2620:0:860:115:10:192:28:23', '2620:0:860:115:10:192:28:25', '2620:0:860:11a:10:192:31:22', '2620:0:860:11a:10:192:31:8', '2620:0:860:11c:10:192:37:18', '2620:0:860:11c:10:192:37:21', '2620:0:860:11c:10:192:37:23', '2620:0:860:11e:10:192:39:11', '2620:0:860:11e:10:192:39:19', '2620:0:860:11f:10:192:40:26', '2620:0:860:121:10:192:42:19', '2620:0:860:121:10:192:42:20', '2620:0:860:121:10:192:42:7', '2620:0:860:125:10:192:46:6', '2620:0:860:126:10:192:47:7', '2620:0:860:12b:10:192:56:5', '2620:0:860:12c:10:192:57:8', '2620:0:860:12d:10:192:58:8', '2620:0:860:12e:10:192:59:9', '2620:0:861:101:10:64:0:112', '2620:0:861:101:10:64:0:114', '2620:0:861:101:10:64:0:169', '2620:0:861:101:10:64:0:53', '2620:0:861:101:10:64:0:71', '2620:0:861:102:10:64:16:135', '2620:0:861:102:10:64:16:26', '2620:0:861:102:10:64:16:79', '2620:0:861:102:10:64:16:96', '2620:0:861:103:10:64:32:117', '2620:0:861:107:10:64:48:96', '2620:0:861:109:10:64:130:4', '2620:0:861:10a:10:64:131:2', '2620:0:861:10a:10:64:131:27', '2620:0:861:10b:10:64:132:24', '2620:0:861:10c:10:64:133:10', '2620:0:861:10c:10:64:133:13', '2620:0:861:10d:10:64:134:3', '2620:0:861:10e:10:64:135:2', '2620:0:861:10e:10:64:135:26', '2620:0:861:10f:10:64:136:21', '2620:0:861:113:10:64:141:5', '2620:0:861:120:10:64:152:3', '2620:0:861:122:10:64:154:2', '2620:0:861:124:10:64:156:14', '2620:0:861:124:10:64:156:2', '2620:0:861:128:10:64:160:3', '2620:0:861:12a:10:64:162:15', '2620:0:861:12a:10:64:162:2', '2620:0:861:12c:10:64:164:2', '2620:0:861:135:10:64:175:12', '2620:0:861:139:10:64:179:9', '2620:0:861:13f:10:64:185:6', '2620:0:861:142:10:64:187:7']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ssh-from-cumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cumin-masters].orig\n+++ Nftables::Service[ssh-from-cumin-masters]\n\n+    notrack             => False\n+    port                => 22\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['CUMIN_MASTERS']\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-udp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-udp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-udp]\n\n+    notrack             => False\n+    desc                => \n+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    proto               => udp\n+    unrestricted_access => False\n+    prio                => 10\n+    port_range          => [1, 65535]\n+    ensure              => present\n"}], "perc_changed": "0.31%"}, "core": null, "main": {"total": 3184, "only_in_self": [], "only_in_other": ["Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[swift-rsync]"], "resource_diffs": [], "perc_changed": "0.16%"}}}