Host loses connectivity after flushing iptables about ansible-role-firewall HOT 6 CLOSED

I found the issue I believe. The issue is when the firewall is not setup to accept all as it normally is in the beginning. So the issue stops when the firewall is reset to the default.

from ansible-role-firewall.

This role is intended to be used in lieu of ufw, and although you may be able to get ufw and iptables + this role working together correctly, I would rather not try to support the mix... Since iptables works on all the linux environments I work with, I try to continue using it for everything rather than ufw where it's available.

My guess is that what happened here was ufw was redirecting a port, or accepting connections, then when this role runs the first time, and drops those rules, the connection is no longer available.

from ansible-role-firewall.

Please feel free to reopen if I'm missing what's going on here... one other note is that I haven't fully tested the role with 14.04 (only 12.04), so maybe there's something different about 14.04 causing an issue.

from ansible-role-firewall.

(I don't think I can re-open the issue.)

I don't normally use Ubuntu, but I have a feeling ufw might have been on by default (in 14.04).

Perhaps to make the firewall role more robust, to avoid conflicts, it could disable ufw and ensure that the default rules are ACCEPT before flushing iptables. Losing connectivity is never fun.

from ansible-role-firewall.

I'll reopen this issue, then—I definitely need to do some more investigation on 14.04, especially since some of the network stack has change quite a bit!

from ansible-role-firewall.

I've been testing this role on a few different clean installs of Ubuntu 14.04 minimal, and can't replicate the failure here; I wonder if the distribution you were using had a specific firewall rule in place that was redirecting a particular port or something for SSH, and flushing the rules cleared out that special firewall rule.

Can you try running it again, on a fresh install, and see if you can replicate the failure? And if you can, then do it again, but before running the playbook, check the output of the command $ sudo iptables -L in the terminal and see if there are any rules affecting SSH.

I'm going to close since I can't replicate on any of my test environments.

from ansible-role-firewall.