Closed micmicsuarez closed 8 years ago
Pretty certain you need to add a rule for port 22, or else you filter traffic to the virtual host and kitchen dies.
Hi @lamont-granquist
I added a rule for port 22, and this is the config in the default attribute.

```ruby
default['iptables']['prefix'] = [
  '-A FWR -i lo -j ACCEPT',
  '-A FWR -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT',
  '-A INPUT -j FWR'
]
```

Code for the default recipe.

```ruby
include_recipe 'iptables'

iptables_rule "new_rule" do
  lines '-A INPUT -j FWR'
end

iptables_rule 'prefix' do
  lines node['iptables']['prefix'].flatten.join("\n")
end
```

I found out the cause of this issue when I executed the `kitchen test` command. It can't find the `eth0` interface.

```
-A FWR -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
```

I SSHed to the virtual machine and executed the `ip link show` command. Here are the results:

```
[vagrant@default-centos-72 ~]$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 08:00:27:0c:4e:dc brd ff:ff:ff:ff:ff:ff
```

It seems that there are only two interfaces, `lo` and `enp0s3`.

Maybe I need to add an attribute in the `.kitchen.yml` just to override the value of `['iptables']['prefix']` node. What do you think?

Thanks, Micmic
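
The mismatch diagnosed in the comment above, as an added example that is not part of the thread or the cookbook: a Ruby check that compares the interfaces named in the rule lines with those listed by `ip link show`. The method names and the embedded sample output are constructed for illustration.

```ruby
# Constructed sample: `ip link show` output in the shape posted in the thread.
IP_LINK_SAMPLE = <<~OUT
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
      link/ether 08:00:27:0c:4e:dc brd ff:ff:ff:ff:ff:ff
OUT

# Rule lines from the attribute posted in the thread.
RULES = [
  '-A FWR -i lo -j ACCEPT',
  '-A FWR -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT',
  '-A INPUT -j FWR'
].freeze

# Names from lines like "2: enp0s3: <...>"; "eth0.10@eth0" is cut at the "@".
def interfaces(ip_link_output)
  ip_link_output.each_line.map { |l| l[/^\d+:\s+([^:@\s]+)/, 1] }.compact
end

# Interface named by -i/-o (or the long options) in one rule, or nil.
def rule_interface(rule)
  tokens = rule.split
  idx = tokens.index { |t| %w[-i -o --in-interface --out-interface].include?(t) }
  idx && tokens[idx + 1]
end

# iptables treats a trailing "+" as a prefix wildcard ("eth+" matches eth0, eth1).
def iface_present?(name, present)
  return present.any? { |p| p.start_with?(name.chomp('+')) } if name.end_with?('+')
  present.include?(name)
end

# Rules that name an interface the host does not have.
def missing_interface_rules(rules, present)
  rules.select { |r| (n = rule_interface(r)) && !iface_present?(n, present) }
end

# True if some ACCEPT rule for tcp --dport `port` names no interface or an existing one.
def accept_rule_can_match?(rules, present, port)
  rules.any? do |r|
    next false unless r =~ /--dport\s+#{port}\b/ && r =~ /-j\s+ACCEPT\b/
    (n = rule_interface(r)).nil? || iface_present?(n, present)
  end
end

present = interfaces(IP_LINK_SAMPLE)
missing_interface_rules(RULES, present).each { |r| warn "no such interface: #{r}" }
warn 'no usable ACCEPT rule for tcp/22' unless accept_rule_can_match?(RULES, present, 22)
```
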
My fix works and I will close this issue. Thanks @lamont-granquist
Cookbook version
iptables version 3.0.1
Chef-client version
chef-client version: 12.14.89
Platform Details
CentOS 7.2
Scenario:
Run the `kitchen test` command inside the cookbook.
Steps to Reproduce:
`vagrant` as the driver in `.kitchen.yml`.
CentOS 7.2 as a `platform` in `.kitchen.yml`.
`depends 'iptables', '~> 3.0.1'` in `metadata.rb`.
`kitchen test`.
This is my kitchen test.
Expected Result:
It must successfully add the new rule.
Actual Result:
These are the error logs after the execution of the `kitchen test` command.