Changes occurring during every highstate



  • Every time a highstate is ran on my server, I get 4 or 5 of the same "changes" every single time.

    I don't know why, mostly because I don't really understand how the iptables / firewall commands and config file works.

    Here are the results of a typical highstate:

    Summary for tgserv
    -------------
    Succeeded: 53 (changed=4)
    Failed:     0
    -------------
    Total states run:     53
    Total run time:   19.117 s
    

    Here are the changes that occur every time:

    ----------
              ID: allow established
        Function: iptables.append
          Result: True
         Comment: Set iptables rule for allow established to: /usr/sbin/iptables --wait -t filter -A INPUT  -m state --state ESTABLISHED --jump ACCEPT for ipv4
         Started: 20:04:20.247043
        Duration: 154.919 ms
         Changes:   
                  ----------
                  locale:
                      allow established
    ----------
              ID: default to reject
        Function: iptables.append
          Result: True
         Comment: Set iptables rule for default to reject to: /usr/sbin/iptables --wait -t filter -A INPUT  --jump REJECT for ipv4
         Started: 20:04:20.402639
        Duration: 146.135 ms
         Changes:   
                  ----------
                  locale:
                      default to reject
    ----------
              ID: FedoraServer
        Function: firewalld.present
          Result: True
         Comment: 'FedoraServer' was configured.
         Started: 20:04:04.080759
        Duration: 15860.689 ms
         Changes:   
                  ----------
                  interfaces:
                      ----------
                      new:
                          - ens3
                      old:
    ----------
              ID: cockpit
        Function: service.running
          Result: True
         Comment: Service cockpit is already enabled, and is running
         Started: 20:04:03.257258
        Duration: 255.051 ms
         Changes:   
                  ----------
                  cockpit:
                      True
    

    I don't understand why they aren't considered to be staying in the correct state, what's making them change or not stick?