chr4-cookbooks / iptables-ng

Cookbook to maintain iptables rules and policies on different platforms, respecting the way the os handles these settings.
GNU General Public License v3.0

service[iptables-persistent] always fails when rules changed #44

Closed glaszig closed 9 years ago

glaszig commented 9 years ago

Either I'm incompetent or this is a bug. I've had this issue since forever. I also thought #14 resolved this, but no.

After each run, having changed a rule, Chef fails with the following.

Chef Client failed. 64 resources updated in 36.326835388 seconds
[2015-06-28T12:16:14+02:00] ERROR: ruby_block[restart_iptables] (iptables-ng::manage line 38) had an error: Mixlib::ShellOut::ShellCommandFailed: service[iptables-persistent] (dynamically defined) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /etc/init.d/iptables-persistent restart ----
STDOUT: * Loading iptables rules...
 *  IPv4...
 *  IPv6...
   ...fail!
STDERR:
---- End output of /etc/init.d/iptables-persistent restart ----
Ran /etc/init.d/iptables-persistent restart returned 1

If I log into the server after this first run and manually do service iptables-persistent restart, it just works fine. It would also work just fine when I do a second Chef run.

I am on Ubuntu 12.04 and 14.04 using iptables-ng 2.2.7.

glaszig commented 9 years ago

Incompetence. I didn't care enough about the ip_version rule attribute, which got my /etc/iptables/rules.v6 poisoned with IPv4 rules. Had to delete those manually. Now it's converging fine.
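A quick way to spot the failure mode described above before iptables-persistent trips over it: scan a rules file in iptables-save format and flag any -s/-d address whose family does not match the file (IPv4 literals in rules.v6, or IPv6 literals in rules.v4). This is an added example, not code from the iptables-ng cookbook; the rules.v6 contents below are a constructed sample, and the check only looks at address literals, not at IPv4-only match extensions.

```ruby
require "ipaddr"

# Constructed sample of an /etc/iptables/rules.v6 file (iptables-save format)
# that has been "poisoned" with one IPv4 rule, as in the issue above.
SAMPLE_RULES_V6 = <<~RULES
  # Generated by iptables-ng (constructed sample)
  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -s 2001:db8::/32 -p tcp --dport 22 -j ACCEPT
  -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
  COMMIT
RULES

# Return [line_number, rule] pairs for every -A/-I rule whose source or
# destination address literal is not of the expected family (4 or 6).
def mismatched_family_rules(text, expected_version)
  bad = []
  text.each_line.with_index(1) do |line, no|
    next unless line.start_with?("-A ", "-I ")
    addrs = line.scan(/\s(?:-s|-d|--source|--destination)\s+(\S+)/).flatten
    wrong = addrs.any? do |addr|
      begin
        (IPAddr.new(addr).ipv4? ? 4 : 6) != expected_version
      rescue IPAddr::Error
        false # not an address literal (e.g. a hostname); nothing to judge
      end
    end
    bad << [no, line.strip] if wrong
  end
  bad
end

# Convenience wrapper: infer the expected family from the file suffix
# (rules.v4 / rules.v6, the names iptables-persistent uses on Ubuntu).
def check_rules_file(path)
  mismatched_family_rules(File.read(path), path.end_with?(".v6") ? 6 : 4)
end

if __FILE__ == $PROGRAM_NAME
  mismatched_family_rules(SAMPLE_RULES_V6, 6).each do |no, rule|
    puts "rules.v6:#{no}: wrong address family: #{rule}"
  end
end
```

Run it against /etc/iptables/rules.v4 and rules.v6 after a failed Chef run to see which rules need an explicit ip_version before ip6tables-restore is asked to load them.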

iiro commented 8 years ago

I'm having this same problem.

I am defining the "ip_version 4" in every LWRP but this is still happening.

@glaszig what was your exact fix here?