Comments (4)
Thanks for using my cookbook!
This is not an issue, but regular design in chef. If you need to delete an obsolete rule, you need to specify it using the :delete action.
See: #10
from iptables-ng.
I just had this same issue - I accidentally added a rule which had v4 source addresses in, without specifying 'ip_version 4' and ip6tables was failing. I realised and removed it, but it kept appearing until I cleared /etc/iptables.d.
Makes sense about :delete though - it works the same for packages - you can install a package, but if you remove that declaration from chef, it won't then remove that package unless you tell it to do so with :delete.
Ian
from iptables-ng.
Trying to think of a possible solution to this. Why not compare what is on disk to the current rule set on each run? If they differ, replace the rules on disk and reload?
from iptables-ng.
@ichilton: Exactly, this is what I meant with "regular design in chef"
@gregf: While I had this thought too, I never came up with a clean/decent idea. Remember that iptables rules might be created using different recipes or even cookbooks. One could store them on the chef-server using attributes, but I think this is pretty messy. I think we'll just have to do it "the chef way", as this problem also applies to files, templates, packages and many more.
from iptables-ng.
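Editor's added example (not part of the thread and not code from the iptables-ng cookbook): a read-only audit that lists rule files still on disk under a rules directory such as /etc/iptables.d that no recipe declares any more, so they can be given an explicit :delete action. The `<table>/<chain>/<name>.rule_v4|.rule_v6` layout, the function names and the sample tree are assumptions made for illustration.

```ruby
require 'find'
require 'set'
require 'tmpdir'
require 'fileutils'

# Return the rule files under rules_dir that are not in the declared set.
# declared: relative paths the current run list is expected to manage
# (assumed layout: "<table>/<chain>/<name>.rule_v4" or ".rule_v6").
def stale_rule_files(rules_dir, declared)
  wanted = declared.to_set
  stale = []
  Find.find(rules_dir) do |path|
    next unless File.file?(path)
    rel = path.sub(%r{\A#{Regexp.escape(rules_dir)}/?}, '')
    stale << rel unless wanted.include?(rel)
  end
  stale.sort
end

# Constructed sample tree: two rules that are still declared, plus one
# leftover v6 file from a rule that was removed from the recipe without
# a :delete action (the situation described in the thread).
def build_sample_tree(root)
  %w[
    filter/INPUT/ssh.rule_v4
    filter/INPUT/ssh.rule_v6
    filter/INPUT/office-v4-only.rule_v6
  ].each do |rel|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, "# constructed sample rule file\n")
  end
end

# Run the audit against the constructed tree and return the stale files.
def demo
  Dir.mktmpdir('iptables.d-') do |root|
    build_sample_tree(root)
    declared = %w[filter/INPUT/ssh.rule_v4 filter/INPUT/ssh.rule_v6]
    stale_rule_files(root, declared)
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

The script only reports; each file it lists still needs a matching resource with the :delete action (or manual removal) before the next reload.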