You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 11, 2019. It is now read-only.
I 've just installed this package with the following config :
class{'iptables':
enable_v6=>false,version=>'present'# the present is mandatory else it try to replace my ubuntu version with a non existant package}iptables::rule{'smtp':
port=>25}iptables::rule{'smtp_secure':
port=>587}iptables::rule{'imap':
port=>143}
But when i apply this config, i have :
Debug: Executing 'iptables-restore < /etc/iptables/rules.v4'
Error: /Stage[main]/Iptables/Service[iptables]: Failed to call refresh: Could not restart Service[iptables]: Execution of 'iptables-restore < /etc/iptables/rules.v4' returned 1:
Error: /Stage[main]/Iptables/Service[iptables]: Could not restart Service[iptables]: Execution of 'iptables-restore < /etc/iptables/rules.v4' returned 1:
Debug: Iptables::Concat_emitter[v4]: The container Class[Iptables] will propagate my refresh event
Debug: Class[Iptables]: The container Stage[main] will propagate my refresh event
The generated file is :
# File Managed by Puppet
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 25 -s 0/0 -d 0/0 -j ACCEPT
-A INPUT -p tcp --dport 587 -s 0/0 -d 0/0 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m pkttype --pkt-type broadcast -j ACCEPT
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -j LOG --log-level 4 --log-prefix "INPUT DROP: "
-A INPUT -j DROP
-A OUTPUT -j ACCEPT
-A OUTPUT -j LOG --log-level 4 --log-prefix "OUTPUT DROP: "
-A OUTPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j LOG --log-level 4 --log-prefix "FORWARD DROP: "
-A FORWARD -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
And if i do a manually save i have something restorable wich look like :
# Generated by iptables-save v1.4.18 on Sat Apr 19 02:23:26 2014
*nat
:PREROUTING ACCEPT [12:1300]
:POSTROUTING ACCEPT [5:337]
:OUTPUT ACCEPT [5:337]
COMMIT
# Completed on Sat Apr 19 02:23:26 2014
# Generated by iptables-save v1.4.18 on Sat Apr 19 02:23:26 2014
*mangle
:PREROUTING ACCEPT [145:11453]
:INPUT ACCEPT [145:11453]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [123:19035]
:POSTROUTING ACCEPT [123:19035]
COMMIT
# Completed on Sat Apr 19 02:23:26 2014
# Generated by iptables-save v1.4.18 on Sat Apr 19 02:23:26 2014
*filter
:INPUT ACCEPT [145:11453]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [123:19035]
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
COMMIT
# Completed on Sat Apr 19 02:23:26 2014
Hello,
I 've just installed this package with the following config :
But when i apply this config, i have :
The generated file is :
And if i do a manually save i have something restorable wich look like :
Can you help please.