puppetlabs-firewall duplicate resources

gistfile1.txt

[root@fw0 ~]# iptables -F

[root@fw0 ~]# cat test.pp 
firewall {
    "500 http":
        dport   => 80,
        action  => "accept";
    "500 https":
        dport   => 443,
        action  => "accept";
}
resources { "firewall":
    purge   => true,
}

[root@fw0 ~]# puppet apply --modulepath /vagrant/puppet/modules test.pp 
notice: /Firewall[500 https]/ensure: created
notice: /Firewall[500 http]/ensure: created
notice: Finished catalog run in 0.17 seconds

[root@fw0 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            multiport dports http /* 500 http */ 
ACCEPT     tcp  --  anywhere             anywhere            multiport dports https /* 500 https */ 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

[root@fw0 ~]# /sbin/iptables -I INPUT -t filter -p tcp -m multiport --dports 8080 -m comment --comment "500 http" -j ACCEPT

[root@fw0 ~]# puppet apply --modulepath /vagrant/puppet/modules test.pp 
warning: Firewall 500 http found in both iptables and iptables; skipping the iptables version
notice: Finished catalog run in 0.07 seconds

[root@fw0 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            multiport dports webcache /* 500 http */ 
ACCEPT     tcp  --  anywhere             anywhere            multiport dports http /* 500 http */ 
ACCEPT     tcp  --  anywhere             anywhere            multiport dports https /* 500 https */ 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination