Hi there! How can I set the source interface address in a firewall rule? I tried this:

```puppet
firewall { '000 her':
  chain => 'PREROUTING',
  table => 'raw',
  source => '! <%= ipaddress_eth0 %>',
  jump => 'NOTRACK',
}
```

but I get an error:

```
Error: Failed to apply catalog: Parameter source failed on Firewall[000 her]: host_to_ip failed for ! <%= ipaddress_eth0 %>, exception no address for <%= ipaddress_eth0 %> at /etc/puppetlabs/code/environments/production/manifests/iptables.pp:4
Wrapped exception:
host_to_ip failed for ! <%= ipaddress_eth0 %>, exception no address for <%= ipaddress_eth0 %>
```

Before, I used `content => template("client/iptables.rules")` with `<%= ipaddress_eth0 %>` and everything worked correctly, but now I use the puppetlabs-firewall module and I don't understand how to set the interface address there ...
**UPDATE**:
I made this:

```puppet
$address = inline_template("<%= scope.lookupvar('::ipaddress_eth0') -%>")
firewall { '000 her':
  chain => 'PREROUTING',
  table => 'raw',
  #source => $address,
  source => '! ${address}',
  jump => 'NOTRACK',
}
```

But now I get an error:

```
Error: Failed to apply catalog: Parameter source failed on Firewall[000 her]: host_to_ip failed for ! ${address}, exception no address for ${address} at /etc/puppetlabs/code/environments/production/manifests/iptables.pp:5
Wrapped exception:
host_to_ip failed for ! ${address}, exception no address for ${address}
```

This rule, `source => ${address},`, works fine, but I need this rule: `source => '! ${address}',`. How do I pass the variable to the firewall resource?
Some server info:

```
[root@her code]# uname -a
Linux her 3.10.0-327.3.1.el7.x86_64 #1 SMP Wed Dec 9 14:09:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@her code]# cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)
[root@her code]# puppet master --version
4.3.1
[root@her code]# rpm -qa | grep pupp
puppetlabs-release-pc1-1.0.0-1.el7.noarch
puppet-agent-1.3.2-1.el7.x86_64
puppetdb-3.2.2-1.el7.noarch
puppetdb-termini-3.2.2-1.el7.noarch
puppetserver-2.2.1-1.el7.noarch
[root@her code]# puppet module list
/etc/puppetlabs/code/environments/production/modules
+-- puppetlabs-apt (v2.2.1)
+-- puppetlabs-concat (v1.2.5)
+-- puppetlabs-firewall (v1.7.2)
+-- puppetlabs-inifile (v1.4.3)
+-- puppetlabs-postgresql (v4.6.1)
+-- puppetlabs-puppetdb (v5.0.0)
L-- puppetlabs-stdlib (v4.10.0)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)
```
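
Both error messages above contain the placeholder text itself (`<%= ipaddress_eth0 %>`, `${address}`), which shows the string reached the provider without being interpolated. The following is an added example, not part of the original post or the puppetlabs-firewall project; it assumes the top-scope fact `$::ipaddress_eth0` that the post looks up, and the variable name `$eth0_addr` and the sample address in the comment are made up for illustration.

```puppet
# Added example, not from the original post.
# Assumes the top-scope fact $::ipaddress_eth0 and the firewall
# resource type from puppetlabs-firewall.

$eth0_addr = $::ipaddress_eth0

# Fail compilation rather than emit a rule with an empty or bogus source
# when the node reports no eth0 address. The pattern is only a coarse
# IPv4 shape check, not full validation.
unless $eth0_addr =~ Pattern[/\A\d{1,3}(\.\d{1,3}){3}\z/] {
  fail("ipaddress_eth0 is missing or not an IPv4 address: '${eth0_addr}'")
}

# Single-quoted strings are literal in Puppet, so
#   source => '! ${eth0_addr}',
# hands the provider the text "! ${eth0_addr}", and host_to_ip cannot
# resolve it (the second error in the post).
#
# ERB tags are evaluated only by template()/inline_template(), never
# inside a manifest string, so '! <%= ipaddress_eth0 %>' is passed
# through literally as well (the first error in the post).

firewall { '000 her':
  chain  => 'PREROUTING',
  table  => 'raw',
  # Double quotes interpolate, e.g. "! 192.0.2.10" (constructed value).
  source => "! ${eth0_addr}",
  jump   => 'NOTRACK',
}
```

After an agent run, `iptables -t raw -S PREROUTING` on the node should list the rule with a negated `-s` match for the eth0 address.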