When using the example for building and iterating over attributes to generate iptables rules, the documentation suggests using ['iptables']['blah'] to generate the rules, then iterating over them. The mechanism works, but the suggested namespace already has ['iptables']['iptables_sysconfig'], ['iptables']['ip6tables_sysconfig'], and ['iptables']['system_ruby'] in it from the attributes file. This generates invalid iptables rules and breaks the script.
Steps to Reproduce:
Use the attribute-based mechanism to generate one rule, as per the documentation:
node.default['iptables']['port_80'] =
Expected Result:
A file gets dropped in /etc/iptables.d/port_80 with the rule and iptables rebuilds.
Actual Result:
A file gets dropped in /etc/iptables.d/port_80 with the rule, as does:
/etc/iptables.d/iptables_config
/etc/iptables.d/ip6tables_config
/etc/iptables.d/system_ruby
rebuild-iptables breaks when trying to parse the first file.
Cookbook version
4.3.0
Chef-client version
12.12.x
Platform Details
CentOS/RHEL 6
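The namespace collision described in this report, as an added example that is not part of the original issue or the cookbook's code: iterating the whole `['iptables']` hash turns the cookbook's own settings into rule files, while a shape check on each value keeps them out. The attribute values, the `RULE_LINE` pattern and the helper names are assumptions made for this illustration.

```ruby
# Constructed stand-in for node['iptables'] once the cookbook's attributes file
# has loaded and one rule was added as in the report. Values are placeholders.
NODE_IPTABLES = {
  'iptables_sysconfig'  => { 'EXAMPLE_SETTING' => 'value' },
  'ip6tables_sysconfig' => { 'EXAMPLE_SETTING' => 'value' },
  'system_ruby'         => '/usr/bin/ruby',
  'port_80'             => '-A INPUT -p tcp --dport 80 -j ACCEPT'
}.freeze

RULES_DIR = '/etc/iptables.d'

# Assumption: a rule body is a String whose non-blank lines look like
# iptables-save input (table marker, chain declaration, or -A/-I/-N command).
RULE_LINE = /\A(\*\w+|:\S+|-[AIN]\s+\S+)/

# Iterating the whole namespace: every key becomes a rule file.
def naive_rule_files(attrs)
  attrs.to_h { |name, body| [File.join(RULES_DIR, name), body.to_s] }
end

# True only for non-empty strings made up entirely of rule-like lines.
def rule_body?(value)
  return false unless value.is_a?(String)

  lines = value.lines.map(&:strip).reject(&:empty?)
  !lines.empty? && lines.all? { |l| l.match?(RULE_LINE) }
end

# Filtered iteration: non-rule attributes are reported, not written out.
def safe_rule_files(attrs)
  rules, skipped = attrs.partition { |_name, body| rule_body?(body) }
  [rules.to_h { |name, body| [File.join(RULES_DIR, name), body] }, skipped.map(&:first)]
end

if __FILE__ == $PROGRAM_NAME
  puts "naive: #{naive_rule_files(NODE_IPTABLES).keys.join(', ')}"
  files, skipped = safe_rule_files(NODE_IPTABLES)
  puts "safe:  #{files.keys.join(', ')} (skipped: #{skipped.join(', ')})"
end
```

Keeping rules under their own sub-key instead of the shared top-level namespace avoids the collision without any value inspection; the filter above is for code that has to keep reading the shared namespace.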