As the title suggests, I am having issues with the module not keeping the unmanaged rules.
They are wiped out despite the use of the keep_unmanaged property.
Any help fixing that issue would be highly appreciated.
Thanks!
Version
Red Hat Enterprise Linux release 8.4 (Ootpa)
Installed the latest iptables_raw.py
State of iptables rules before:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED / 000 accept related established rules ipv4 /
ACCEPT icmp -- anywhere anywhere state NEW / 001 accept all icmp ipv4 /
ACCEPT all -- anywhere anywhere state NEW / 002 accept all to lo interface ipv4 /
[skip]
ACCEPT tcp -- anywhere anywhere multiport dports 16514,61152:61215,rfb:6923 state NEW / 200 nova_libvirt ipv4 /
LOG all -- anywhere anywhere state NEW limit: avg 20/min burst 15 / 998 log all ipv4 / LOG level warning
DROP all -- anywhere anywhere state NEW / 999 drop all ipv4 /
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT) target prot opt source
Execution of
State of iptables rules after:
iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 9100 -m state --state NEW -m comment --comment "ansible[iptables_raw rule for node_exporter]" -j ACCEPT
All unmanaged rules are gone!!!
cat /etc/ansible-iptables/iptables.json
{
  "filter": {
    "dump": "\n",
    "rules_dict": {
      "$unmanaged_rules$": {
        "rules": "",          <- empty ?
        "weight": 90
      },
      "iptables_raw rule for node_exporter": {
        "rules": "-A INPUT -m tcp -p tcp --dport 9100 -m state --state NEW -j ACCEPT -m comment --comment \"ansible[iptables_raw rule for node_exporter]\"",
        "weight": 40
      }
    }
  }
}
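The loss described above is worth catching automatically: with the INPUT policy at ACCEPT, dropping the trailing "999 drop all" rule leaves the host wide open rather than merely misconfigured. The following check is an added example, not code from the issue or from iptables_raw; it assumes the ansible[...] comment marker identifies managed rules and the state-file layout shown above, and the iptables -S dumps are constructed samples.

```python
import re

# Constructed sample of `iptables -S` before the module run (rules reflect
# the comments visible in the `iptables -L` listing in the issue).
BEFORE = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -m limit --limit 20/min --limit-burst 15 -j LOG
-A INPUT -m state --state NEW -j DROP
"""
# Constructed sample of `iptables -S` after the run: only the managed rule survives.
AFTER = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 9100 -m state --state NEW -m comment --comment "ansible[iptables_raw rule for node_exporter]" -j ACCEPT
"""
# Constructed copy of the iptables.json state-file shape from the issue.
STATE = {"filter": {"dump": "\n", "rules_dict": {
    "$unmanaged_rules$": {"rules": "", "weight": 90},
    "iptables_raw rule for node_exporter": {"rules": "-A INPUT ... -j ACCEPT", "weight": 40}}}}

# Assumption: rules written by the module carry an "ansible[...]" comment.
MANAGED_MARK = re.compile(r'--comment "ansible\[')

def rules(dump):
    """Return the -A lines of an `iptables -S` dump (policy -P lines excluded)."""
    return [line for line in dump.splitlines() if line.startswith("-A ")]

def lost_unmanaged(before, after):
    """Unmanaged rules present before the run but missing afterwards."""
    after_set = set(rules(after))
    return [r for r in rules(before) if not MANAGED_MARK.search(r) and r not in after_set]

def state_unmanaged_empty(state, table="filter"):
    """True when the state file recorded no unmanaged rules for the table."""
    entry = state[table]["rules_dict"].get("$unmanaged_rules$", {})
    return entry.get("rules", "") == ""

def terminal_drop_present(dump, chain="INPUT"):
    """True if the chain still ends in a DROP; with policy ACCEPT, losing it opens the host."""
    chain_rules = [r for r in rules(dump) if r.startswith(f"-A {chain} ")]
    return bool(chain_rules) and chain_rules[-1].endswith("-j DROP")

if __name__ == "__main__":
    for r in lost_unmanaged(BEFORE, AFTER):
        print("LOST unmanaged rule:", r)
    print("state file recorded empty $unmanaged_rules$:", state_unmanaged_empty(STATE))
    print("INPUT still ends in DROP:", terminal_drop_present(AFTER))
```

Run against real dumps captured before and after a playbook run, a non-empty lost list or a missing terminal DROP is the signal to roll back the firewall state before the host sits exposed.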