Nordeus / ansible_iptables_raw

iptables module for Ansible which keeps state
MIT License

empty /etc/sysconfig/iptables on centos8 #31

Open BigAndini opened 4 years ago

BigAndini commented 4 years ago

Hello,

I just tested your module on a centos8 box and it happens that the /etc/sysconfig/iptables file only contains some newlines instead of the configured iptables rules.

With some debugging I found the .iptables.lock file in /etc/ansible-iptables, which needs to be removed to really update all rules. I got as far as the point where the tempfile is written and the system tries to copy it into the right path. However, I was not able to find the tmppath yet, to check what is written into the tmpfile.

Did you already test the module with centos8? I've checked to have the latest version of the file in my ansible library path.

Regards Andi

BigAndini commented 4 years ago

I'm looking again into this topic and it happens that the module tries to read the used tables out of /proc/net/ip_tables_names, which is empty in my centos8 system. I found problems in lxc containers, but I'm using a kvm virtualized machine. I'll update this issue when I find something new.

BigAndini commented 4 years ago

I've adjusted this line now as a workaround: https://github.com/Nordeus/ansible_iptables_raw/blob/master/iptables_raw.py#L338

# Workaround: always include the "filter" table, because /proc/net/ip_tables_names
# is empty on this centos8 box and the module would otherwise see no tables at all.
with open(self.iptables_names_file, 'r') as names_file:
    table_names = "filter\n" + names_file.read()
# Deduplicate the table names (set() does not preserve order)
unique_list = list(set(table_names.splitlines()))
return unique_list

To make the list unique I took the second approach from here: https://www.geeksforgeeks.org/python-get-unique-values-list/

It looks like centos8 changes to nftables as well and uses the new netfilter approach.
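To show how an empty /proc/net/ip_tables_names ends up as an empty /etc/sysconfig/iptables, and how the workaround above avoids it, here is an added stand-alone Python model; it is not the module's own code. parse_table_names mirrors the patched line (with order-preserving deduplication), render_rules_file is a simplified stand-in for the module's iptables-save style output, and the sample rule and file contents are constructed.

```python
def parse_table_names(names_file_content, default_tables=("filter",)):
    """Return the netfilter tables to manage, deduplicated and in a stable order.

    Mirrors the workaround from the comment above: "filter" is always
    included, so an empty /proc/net/ip_tables_names (as seen on an
    nftables-backed centos8 kernel) no longer yields an empty table list.
    """
    names = list(default_tables)
    names.extend(line.strip() for line in names_file_content.splitlines()
                 if line.strip())
    seen = set()
    # Order-preserving dedupe (set() alone would scramble the order)
    return [n for n in names if not (n in seen or seen.add(n))]


def read_table_names(names_file="/proc/net/ip_tables_names"):
    """Read the kernel's table list; a missing file is treated as empty."""
    try:
        with open(names_file, "r") as f:
            return parse_table_names(f.read())
    except FileNotFoundError:
        return parse_table_names("")


def render_rules_file(tables, rules_by_table):
    """Simplified model of an iptables-save style dump: one *table ... COMMIT
    block per table.  With no tables this is exactly the 'only some newlines'
    file reported in this issue."""
    blocks = []
    for table in tables:
        lines = ["*%s" % table]
        lines.extend(rules_by_table.get(table, []))
        lines.append("COMMIT")
        blocks.append("\n".join(lines))
    return "\n".join(blocks) + "\n"


def demo():
    # Constructed sample rule; the kernel reports no tables, as on the
    # reporter's centos8 box.
    rules = {"filter": ["-A INPUT -p tcp --dport 22 -j ACCEPT"]}
    empty_ip_tables_names = ""
    before = render_rules_file(parse_table_names(empty_ip_tables_names,
                                                 default_tables=()), rules)
    after = render_rules_file(parse_table_names(empty_ip_tables_names), rules)
    return before, after
```

Running demo() returns "\n" for the unpatched behaviour and a proper "*filter ... COMMIT" block once the filter table is forced in.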

gasiorroiasg commented 4 years ago

thanks @BigAndini , you are a life saver.