chef-cookbooks / iptables

Development repository for Chef Cookbook iptables
https://supermarket.chef.io/cookbooks/iptables
Apache License 2.0

iptables rule creation failing #123

Closed n0noob closed 3 years ago

n0noob commented 4 years ago

I am using the iptables cookbook like this:

include_recipe 'iptables::default'

iptables_rule 'http' do
  action :create
end

Platform: CentOS 7

Expectation: The rule should be created and iptables should be configured correctly.

Observation: Got the following fatal error:

[2020-09-02T04:00:35-05:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2020-09-02T04:00:35-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2020-09-02T04:00:35-05:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: service[iptables] (iptables::default line 62) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of ["/usr/bin/systemctl", "--system", "start", "iptables"] ----
STDOUT:
STDERR: Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.
---- End output of ["/usr/bin/systemctl", "--system", "start", "iptables"] ----
Ran ["/usr/bin/systemctl", "--system", "start", "iptables"] returned 1

n0noob commented 4 years ago

journalctl -xe showed the following error:

-- Unit iptables.service has begun starting up.
Sep 02 04:00:35 cvrlx2001 systemd[1]: Stopping firewalld - dynamic firewall daemon...
-- Subject: Unit firewalld.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit firewalld.service has begun shutting down.
Sep 02 04:00:35 cvrlx2001 iptables.init[27590]: iptables: Applying firewall rules: iptables-restore v1.4.21: option "-A" requires an argument
Sep 02 04:00:35 cvrlx2001 iptables.init[27590]: Error occurred at line: 8
Sep 02 04:00:35 cvrlx2001 iptables.init[27590]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Sep 02 04:00:35 cvrlx2001 iptables.init[27590]: [FAILED]
Sep 02 04:00:35 cvrlx2001 systemd[1]: iptables.service: main process exited, code=exited, status=1/FAILURE
Sep 02 04:00:35 cvrlx2001 systemd[1]: Failed to start IPv4 firewall with iptables.
-- Subject: Unit iptables.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit iptables.service has failed.

xorima commented 3 years ago

Hey @n0noob

The reason for this is that not enough options are being supplied, so it fails; see https://github.com/chef-cookbooks/iptables/blob/master/documentation/iptables_rule.md for more information on how to create rules.
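The journal output above shows the actual failure: a rule with no chain or target makes the cookbook's generated ruleset contain an `-A` with nothing after it, and `iptables-restore` rejects the whole file when the service starts. Because the unit had already stopped firewalld, a malformed ruleset leaves the host with neither firewall active until the run is fixed. The following Ruby script is an added example, not code from the issue or from the iptables cookbook: it models a rule with the attributes the answer says are required (chain and target, plus optional protocol, port and source; the attribute names and the rendering format are assumptions, not the cookbook's resource properties), refuses to render an incomplete rule, and lints an `iptables-restore`-style file for the same defect before it is handed to the service. The ruleset it checks is constructed for the example.

```ruby
# Added example (not from the iptables cookbook or the issue): render
# iptables-restore rule lines from a small set of rule attributes and lint a
# generated ruleset before it reaches `iptables-restore`, so an incomplete rule
# is caught early instead of failing `systemctl start iptables`.

class IptablesRule
  # A rule without a chain or target renders as "-A  -j", which is exactly what
  # makes iptables-restore print 'option "-A" requires an argument'.
  REQUIRED = %i[chain jump].freeze

  # Attribute names here are assumptions for the example, not cookbook properties.
  def initialize(name, chain: nil, protocol: nil, dport: nil, source: nil, jump: nil)
    @name = name
    @attrs = { chain: chain, protocol: protocol, dport: dport, source: source, jump: jump }
  end

  # Build one "-A CHAIN ... -j TARGET" line, or raise if a required attribute is absent.
  def to_line
    missing = REQUIRED.select { |k| @attrs[k].nil? || @attrs[k].to_s.empty? }
    unless missing.empty?
      raise ArgumentError, "rule '#{@name}' is missing required attribute(s): #{missing.join(', ')}"
    end
    parts = ['-A', @attrs[:chain].to_s]
    parts += ['-s', @attrs[:source].to_s] if @attrs[:source]
    if @attrs[:protocol]
      proto = @attrs[:protocol].to_s
      parts += ['-p', proto, '-m', proto]
      parts += ['--dport', @attrs[:dport].to_s] if @attrs[:dport]
    end
    parts += ['-j', @attrs[:jump].to_s]
    parts.join(' ')
  end
end

# Lint an iptables-restore style file: every "-A" must be followed by a chain
# name, not by another option and not by end of line. Returns [] when clean,
# otherwise "line N: ..." messages in the style iptables-restore prints.
def lint_ruleset(text)
  problems = []
  text.each_line.with_index(1) do |raw, n|
    line = raw.strip
    next if line.empty? || line.start_with?('#', '*', ':') || line == 'COMMIT'
    tokens = line.split
    i = tokens.index('-A')
    next unless i
    arg = tokens[i + 1]
    if arg.nil? || arg.start_with?('-')
      problems << "line #{n}: option \"-A\" requires an argument (got #{arg.inspect})"
    end
  end
  problems
end

# Constructed sample ruleset: two complete rules followed by what a rule with
# no chain and no target would look like once rendered.
SAMPLE_RULESET = <<~RULES
  # Generated by Chef (constructed sample)
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  -A INPUT -i lo -j ACCEPT
  -A  -j
  COMMIT
RULES

if __FILE__ == $PROGRAM_NAME
  ok = IptablesRule.new('http', chain: 'INPUT', protocol: 'tcp', dport: 80, jump: 'ACCEPT')
  puts ok.to_line
  begin
    IptablesRule.new('http').to_line
  rescue ArgumentError => e
    puts "refused: #{e.message}"
  end
  lint_ruleset(SAMPLE_RULESET).each { |p| puts p }
end
```

Running the script prints the complete http rule, the refusal for the bare rule, and a lint message for line 8 of the constructed file, the same line-numbered form `iptables-restore` reports. On a real host the equivalent pre-flight check is `iptables-restore --test` against the generated file before the service is restarted; the linter above exists so the check can run where iptables is not installed, such as a cookbook test suite.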