MODULES-9248

{firewall-iptables}: {module appends vs overwrites iptables file}


    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels: None
    • Environment:
    • Template: MODULES Bug Template
    • Method Found: Needs Assessment
    • QA Risk Assessment: Needs Assessment

      Description

      Hello,

      When I'm using a module and the host boots, I see that the module just appends text to /etc/sysconfig/iptables, and the result is this:

      -A INPUT -d 88.88.88.88/32 -m comment --comment 000 -m policy --dir in --pol ipsec -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -p esp -m comment --comment 001 -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 500 -m multiport --dports 500 -m comment --comment 002 -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 4500 -m multiport --dports 4500 -m comment --comment 003 -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -m comment --comment 004 -j DROP
      -A INPUT -m comment --comment 005 -j ACCEPT
      -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
      -A INPUT -p icmp -j ACCEPT
      -A INPUT -i lo -j ACCEPT
      -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
      -A INPUT -j REJECT --reject-with icmp-host-prohibited
      -A FORWARD -m comment --comment 008 -j ACCEPT
      -A FORWARD -j REJECT --reject-with icmp-host-prohibited

      After I run it a second time, the module overwrites the iptables config and everything is OK:


      # Generated by iptables-save v1.4.21 on Mon Jun 10 15:54:18 2019
      *filter
      :INPUT ACCEPT [0:0]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [1:248]
      -A INPUT -d 88.88.88.88/32 -m comment --comment 000 -m policy --dir in --pol ipsec -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -p esp -m comment --comment 001 -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 500 -m multiport --dports 500 -m comment --comment 002 -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 4500 -m multiport --dports 4500 -m comment --comment 003 -j ACCEPT
      -A INPUT -d 88.88.88.88/32 -m comment --comment 004 -j DROP
      -A INPUT -m comment --comment 005 -j ACCEPT
      -A FORWARD -m comment --comment 008 -j ACCEPT
      COMMIT

      Basic Info
      Module Version: '1.8.1'
      Puppet Version: 5.4.0
      OS Name/Version: centos 7
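The symptom reported above (a persisted file that still carries rules the manifest never declared) can be checked mechanically rather than by eyeballing the dump after each boot. The following Python script is an added example and is not code from this ticket or from the firewall module. It assumes the naming convention visible in the listings, namely that every rule the module manages carries `-m comment --comment NNN` with a three-digit name, and reports every persisted rule without such a comment as an unmanaged leftover; both sample dumps are constructed from the two listings in the ticket.

```python
"""Flag persisted iptables rules that a firewall manifest did not declare.

Added example, not code from the ticket or from the firewall module. It assumes
the naming convention visible in the ticket's listings: every rule the module
manages carries `-m comment --comment NNN` with a three-digit name. Any persisted
rule without such a comment is reported as a leftover, which is what the
first-boot file in the ticket contains (the distribution default rules and the
trailing REJECT rules that were never overwritten).
"""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the module names its rules 000..999; adjust if your manifest differs.
MANAGED_COMMENT = re.compile(r"^\d{3}$")

# Constructed sample: the first listing from the ticket (file after first boot),
# wrapped in the iptables-save header/footer lines taken from the second listing.
APPENDED_DUMP = """\
# Generated by iptables-save v1.4.21 on Mon Jun 10 15:54:18 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:248]
-A INPUT -d 88.88.88.88/32 -m comment --comment 000 -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -d 88.88.88.88/32 -p esp -m comment --comment 001 -j ACCEPT
-A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 500 -m multiport --dports 500 -m comment --comment 002 -j ACCEPT
-A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 4500 -m multiport --dports 4500 -m comment --comment 003 -j ACCEPT
-A INPUT -d 88.88.88.88/32 -m comment --comment 004 -j DROP
-A INPUT -m comment --comment 005 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m comment --comment 008 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Constructed sample: the second listing from the ticket (file after the second run).
CLEAN_DUMP = """\
# Generated by iptables-save v1.4.21 on Mon Jun 10 15:54:18 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:248]
-A INPUT -d 88.88.88.88/32 -m comment --comment 000 -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -d 88.88.88.88/32 -p esp -m comment --comment 001 -j ACCEPT
-A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 500 -m multiport --dports 500 -m comment --comment 002 -j ACCEPT
-A INPUT -d 88.88.88.88/32 -p udp -m multiport --sports 4500 -m multiport --dports 4500 -m comment --comment 003 -j ACCEPT
-A INPUT -d 88.88.88.88/32 -m comment --comment 004 -j DROP
-A INPUT -m comment --comment 005 -j ACCEPT
-A FORWARD -m comment --comment 008 -j ACCEPT
COMMIT
"""


@dataclass
class Rule:
    table: str
    chain: str
    comment: Optional[str]
    raw: str


def parse_rules(dump: str) -> List[Rule]:
    """Parse an iptables-save dump into Rule records (table headers, chain policies and COMMIT are skipped)."""
    rules: List[Rule] = []
    table = "filter"
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # banner / comment line
        if line.startswith("*"):
            table = line[1:]              # '*filter' -> 'filter'
            continue
        if line.startswith(":") or line == "COMMIT":
            continue                      # chain policy / end of table
        if not line.startswith(("-A", "-I")):
            continue
        tokens = shlex.split(line)        # shlex handles quoted comment values
        comment = None
        if "--comment" in tokens:
            comment = tokens[tokens.index("--comment") + 1]
        rules.append(Rule(table, tokens[1], comment, line))
    return rules


def unmanaged_rules(dump: str) -> List[str]:
    """Return the raw text of every rule that carries no module-style comment."""
    return [r.raw for r in parse_rules(dump)
            if r.comment is None or not MANAGED_COMMENT.match(r.comment)]


def is_fully_managed(dump: str) -> bool:
    """True when the persisted file contains only module-managed rules."""
    return not unmanaged_rules(dump)


if __name__ == "__main__":
    for name, dump in (("after first boot", APPENDED_DUMP), ("after second run", CLEAN_DUMP)):
        leftovers = unmanaged_rules(dump)
        print(f"{name}: {len(leftovers)} unmanaged rule(s)")
        for raw in leftovers:
            print("   ", raw)
```

Run against the real file with `unmanaged_rules(open("/etc/sysconfig/iptables").read())`: a non-empty result after the first boot reproduces the ticket, and an empty one after the second run confirms the overwrite. The useful property is that the check compares the persisted file with what the manifest declares, so it catches the first-boot state without having to wait for a second agent run.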


      People

      Assignee: Unassigned
      Reporter: Edvinas