Comments (6)
I found the issue I believe. The issue is when the firewall is not setup to accept all as it normally is in the beginning. So the issue stops when the firewall is reset to the default.
from ansible-role-firewall.
This role is intended to be used in lieu of ufw
, and although you may be able to get ufw and iptables + this role working together correctly, I would rather not try to support the mix... Since iptables works on all the linux environments I work with, I try to continue using it for everything rather than ufw where it's available.
My guess is that what happened here was ufw was redirecting a port, or accepting connections, then when this role runs the first time, and drops those rules, the connection is no longer available.
from ansible-role-firewall.
Please feel free to reopen if I'm missing what's going on here... one other note is that I haven't fully tested the role with 14.04 (only 12.04), so maybe there's something different about 14.04 causing an issue.
from ansible-role-firewall.
(I don't think I can re-open the issue.)
I don't normally use Ubuntu, but I have a feeling ufw
might have been on by default (in 14.04).
Perhaps to make the firewall role more robust, to avoid conflicts, it could disable ufw
and ensure that the default rules are ACCEPT before flushing iptables. Losing connectivity is never fun.
from ansible-role-firewall.
I'll reopen this issue, then—I definitely need to do some more investigation on 14.04, especially since some of the network stack has change quite a bit!
from ansible-role-firewall.
I've been testing this role on a few different clean installs of Ubuntu 14.04 minimal, and can't replicate the failure here; I wonder if the distribution you were using had a specific firewall rule in place that was redirecting a particular port or something for SSH, and flushing the rules cleared out that special firewall rule.
Can you try running it again, on a fresh install, and see if you can replicate the failure? And if you can, then do it again, but before running the playbook, check the output of the command $ sudo iptables -L
in the terminal and see if there are any rules affecting SSH.
I'm going to close since I can't replicate on any of my test environments.
from ansible-role-firewall.
Related Issues (20)
- stuck after running firewall HOT 4
- Installed is no longer a valid argument for the ansible.builtin.package module HOT 4
- feature request: allow to use --wait [seconds] in firewall.bash
- Odd rule defaults that are not configurable.
- Broken networking
- Allow user-provided templates HOT 1
- Python six/jinja2 cookiecutter dependency version conflict causing CI builds to fail HOT 7
- fatal error on "firewall: Check if ufw package is installed (on Ubuntu)." HOT 3
- Use ansible_port if defined instead of always 22 HOT 2
- Using "firewall_flush_rules_and_chains" HOT 5
- docker rules are flushed on each run HOT 10
- setup a network interface with different port settings HOT 2
- [FEATURE REQUEST] add variable for default rules / add variable for blacklisted IPs HOT 11
- Flushing iptables on first run is causing ssh lockdown HOT 4
- iptables fails to install if apt cache is outdated HOT 2
- Add Default Policy Option HOT 6
- Error on Debian on first check_mode run HOT 4
- Configure OUTPUT rules HOT 5
- New firewall configurations break the SSH connection when the `restart firewall` handler runs HOT 2
- Role stopped working after system update HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-role-firewall.