chr4-cookbooks / iptables-ng

Cookbook to maintain iptables rules and policies on different platforms, respecting the way the os handles these settings.
GNU General Public License v3.0

Amazon linux doesn't have iptables-service #37

Closed sozonnyk closed 9 years ago

sozonnyk commented 9 years ago

Amazon Linux is identified as rhel, and recipe fails because iptables-service package is unavailable.

chr4 commented 9 years ago

Thanks for your report. Can you elaborate a little more? I thought Amazon Linux is quite RHEL compatible so far. What version are you using, and which versions are affected?

The iptables-services package should be available according to this post.

I think this might be due to the different versioning, as Amazon Linux uses 2014.09 while RHEL is at 7.

My guess is, you're using an older version of Amazon Linux, which is still on a RHEL 6 (or lower) basis, but 2014.09 > 7 so the recipe gets confused.

Note that you can also always override the packages installed as the README states:

node['iptables-ng']['packages'] = %w(iptables iptables-ipv6)

sozonnyk commented 9 years ago

Yes, you are right, it is 2014.03. I believe all versions above 2.2.0 are affected. Thanks for the hint about the packages override, though.

cat ./system-release

Amazon Linux AMI release 2014.03

yum install iptables-services

Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest | 2.1 kB 00:00
amzn-updates/latest | 2.3 kB 00:00
No package iptables-services available.
Error: Nothing to do

chr4 commented 9 years ago

Could you try whether this is the case on 2014.09, too? I can't test Amazon Linux, as there are no vagrant boxes for it as far as I know. I don't want to remove iptables-services and then break support for the current release.

jschnurholmes commented 9 years ago

I am having the same problem using Amazon Linux 2014.09:

# cat /etc/system-release
Amazon Linux AMI release 2014.09

# sudo yum install iptables-services
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest    | 2.1 kB     00:00
amzn-updates/latest | 2.3 kB     00:00
1017 packages excluded due to repository priority protections
No package iptables-services available.
Error: Nothing to do

In case it helps:

# yum search iptables
Loaded plugins: priorities, update-motd, upgrade-helper
1017 packages excluded due to repository priority protections
=========================================================================== N/S matched: iptables ===========================================================================
perl-IPTables-ChainMgr.noarch : Perl extension for manipulating iptables policies
perl-IPTables-Parse.noarch : Perl extension for parsing iptables firewall rulesets
collectd-iptables.x86_64 : Iptables plugin for collectd
fwsnort.noarch : Translates Snort rules into equivalent iptables rules
iptables-devel.x86_64 : Development package for iptables
iptables-utils.x86_64 : iptables and ip6tables services for iptables
shorewall.noarch : An iptables front end for firewall configuration
compat-iptables.i686 : Tools for managing Linux kernel packet filtering capabilities
compat-iptables.x86_64 : Tools for managing Linux kernel packet filtering capabilities
firehol.noarch : A powerful yet easy to use iptables frontend
iptables.i686 : Tools for managing Linux kernel packet filtering capabilities
iptables.x86_64 : Tools for managing Linux kernel packet filtering capabilities
iptstate.x86_64 : A top-like display of IP Tables state table entries

  Name and summary matches only, use "search all" for everything.

chr4 commented 9 years ago

I released v2.2.5 with a fix that just installs only iptables on Amazon Linux. Waiting for further bug reports. :)
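The version confusion chr4 guessed at above, and the shape of the fix, as an added example that is not the cookbook's own code: a package selector that keys only on `platform_family` and a numeric version compare treats Amazon Linux 2014.09 as "RHEL 7 or newer", while a selector that checks the `platform` name first installs only `iptables` there. The node hash is constructed to mirror the Ohai attributes (`platform`, `platform_family`, `platform_version`); the helper names are hypothetical.

```ruby
# Added example, not part of the iptables-ng cookbook.
require 'rubygems' # provides Gem::Version for segment-wise version comparison

# Constructed stand-in for the Chef node object (hypothetical helper).
def node(platform, family, version)
  { 'platform' => platform, 'platform_family' => family, 'platform_version' => version }
end

# Naive selection: every rhel-family platform is measured against RHEL's
# own numbering. Amazon Linux reports platform_family "rhel" and a
# date-based version such as "2014.09", and 2014 > 7, so it is wrongly
# handed the RHEL 7 package set that includes iptables-services.
def naive_packages(node)
  raise ArgumentError, "unsupported family #{node['platform_family']}" unless node['platform_family'] == 'rhel'

  if Gem::Version.new(node['platform_version']) >= Gem::Version.new('7')
    %w(iptables iptables-services)
  else
    %w(iptables iptables-ipv6)
  end
end

# Platform-aware selection: decide on the platform name before comparing
# versions, in the spirit of the v2.2.5 fix that installs only iptables
# on Amazon Linux. Only rhel-family platforms are handled here.
def fixed_packages(node)
  raise ArgumentError, "unsupported family #{node['platform_family']}" unless node['platform_family'] == 'rhel'

  # Amazon Linux ships no iptables-services (and no iptables-ipv6) package.
  return %w(iptables) if node['platform'] == 'amazon'

  if Gem::Version.new(node['platform_version']) >= Gem::Version.new('7')
    %w(iptables iptables-services)
  else
    %w(iptables iptables-ipv6)
  end
end

if __FILE__ == $PROGRAM_NAME
  amzn = node('amazon', 'rhel', '2014.09')
  puts "naive: #{naive_packages(amzn).join(' ')}"  # includes iptables-services, which yum cannot find
  puts "fixed: #{fixed_packages(amzn).join(' ')}"  # iptables only
end
```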