search

chr4-cookbooks / iptables-ng

Cookbook to maintain iptables rules and policies on different platforms, respecting the way the os handles these settings.
GNU General Public License v3.0
38 stars 33 forks source link

Install iptables-services if Fedora 19 or greater #27

Closed ramereth closed 7 years ago

ramereth commented 10 years ago

Tests still fail on the service enable check but it otherwise seems to be working properly. Tested on Fedora 20 at least.

chr4 commented 10 years ago

Thanks for your contribution! There were some issues with Fedora in my testing setup, this is why I added this section: https://github.com/chr4-cookbooks/iptables-ng#known-issues

Where you able to run all the tests sucessfully using kitchen? Could you reproduce the issues with systemd/packages?

ramereth commented 10 years ago

I noticed that you had that section. I got at least any test that didn't require the check of the service being able to work at least on a few tests. Do you have any idea where that problem is? Seems like it might be a systemd issue but I didn't look that closely. If you'd like, I can try and take a closer look.

chr4 commented 10 years ago

As I do not use Fedora on production, I'd appreciate very much if you'd have a closer look! I'm not exactly sure what went wrong with the tests, though. I should've taken more notes :(

If you encounter issues, you can paste the kitchen/chef output here, maybe we can shed some light into this issue together.

stumped2 commented 10 years ago

@ramereth one thing you might double check: make sure /etc/sysconfig/{iptables,ip6tables} exists otherwise you could run into service issues.

The fedora docs make note of this in their explanation for disabling firewalld

jordane commented 10 years ago

@chr4 One of the major issues is that there is a bug causing Fedora to not be able to check the status of services correctly, which fails the tests. I submitted a patch to chef to get it fixed, but the tests won't pass until it gets merged and a new version is released.

chr4 commented 8 years ago

@jordane is the patched Chef version released? Can we continue working on this, resp. can this be closed?

jordane commented 8 years ago

@chr4 Yes. This is still desired. Fedora 19-21 pass tests, but are all end-of-lifed.

Fedora 22 and 23 do not pass tests because Chef does not properly support dnf (yum v4) yet, but upon its support they should pass as well.

chr4 commented 8 years ago

Thanks! So this is on hold until Chef adds proper support for recent Fedora releases.

jordane commented 8 years ago

Yeah. Here is the issue about it. The cookbook linked will likely be what makes it into core, but no PR has been opened yet.