Comments (4)
This is actually pretty simple.
As stated in the Docs, the rule attribute of the iptables_ng_rule provider also accepts an Array. You can use map to create the desired result:
iptables_ng_rule 'add_ips' do
  chain 'FWR'
  rule ips.map { |ip| "-s #{ip} -j ACCEPT" }
  # As the source specified above is ipv4, this rule cannot be applied to ip6tables.
  # Therefore, setting ip_version to 4
  ip_version 4
end
I should probably add this to the README for future reference.
Does this solve your problem?
from iptables-ng.
Also note that having whitespace in the name is a bad idea, as it translates into the filename.
A future version might automatically escape whitespace to underscores, but currently that's not the case.
from iptables-ng.
I added this example to the README.
Another note: If you use the --source parameter with ipv4 addresses, you will most likely have to restrict this ruleset to ipv4 only. You can do so using the ip_version 4 attribute.
I updated the example to reflect that.
from iptables-ng.
Great, thanks Chris! Really appreciate your responsiveness on this.
iptables_ng_rule 'add_ips' do
  chain 'FWR'
  rule ips.map { |ip| "-s #{ip} -j ACCEPT" }
  ip_version 4
end
This worked great for us, and removing the whitespace from rule names was also a good idea.
Thanks again for your input! I appreciate you updating your docs as well.
from iptables-ng.
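The approach from this thread, as an added example that is not part of the original comments or the cookbook's own code: a plain-Ruby helper that validates each source address, splits the list by address family so each array can be given to a rule resource with the matching ip_version, and replaces whitespace in the rule name. The names accept_rules_by_family and safe_rule_name are hypothetical, and the sample addresses are constructed.

```ruby
require 'ipaddr'

# Hypothetical helper (not part of the iptables-ng cookbook): turn a list of
# source addresses into one rule array per IP version.
def accept_rules_by_family(sources)
  rules = { 4 => [], 6 => [] }
  sources.each do |src|
    text = src.to_s.strip
    # Allow only address or CIDR characters, so a malformed attribute value
    # cannot add extra options to the generated rule string.
    unless text.match?(%r{\A[0-9A-Fa-f:.]+(/\d{1,3})?\z})
      raise ArgumentError, "not an IP address or CIDR: #{src.inspect}"
    end
    # IPAddr raises a subclass of ArgumentError when the text does not parse.
    addr = IPAddr.new(text)
    rules[addr.ipv4? ? 4 : 6] << "-s #{text} -j ACCEPT"
  end
  rules
end

# The resource name translates into a filename, so replace whitespace runs
# with underscores before using it.
def safe_rule_name(name)
  name.strip.gsub(/\s+/, '_')
end

# Constructed sample input (documentation address ranges).
SAMPLE_SOURCES = ['192.0.2.10', '198.51.100.0/24', '2001:db8::1'].freeze

if __FILE__ == $PROGRAM_NAME
  accept_rules_by_family(SAMPLE_SOURCES).each do |version, rules|
    name = safe_rule_name("add ips v#{version}")
    puts "#{name} (ip_version #{version}): #{rules.inspect}"
  end
end
```

In a recipe, each non-empty array would go to its own iptables_ng_rule resource with ip_version set to the hash key.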