chr4-cookbooks / iptables-ng

Cookbook to maintain iptables rules and policies on different platforms, respecting the way the OS handles these settings.
GNU General Public License v3.0

locking a rule to one TCP version doesn't work (on el7) #51

Closed spkane closed 9 years ago

spkane commented 9 years ago

This code snippet does not work as expected. Both of these rules end up in both sysconfig files on EL7 (CentOS).

            },
            "80-icmp": {
              "rule": "-p icmp --icmp-type echo-request -j ACCEPT",
              "ip_vesion": 4
            },
            "80-icmpv6": {
              "rule": "-p icmpv6 --icmpv6-type echo-request -j ACCEPT",
              "ip_vesion": 6
            },

Files look like this:

append INPUT -p icmp --icmp-type echo-request -j ACCEPT
append INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT

spkane commented 9 years ago

Noticed a typo. I had missed the other 12 times I looked at this....

 "ip_version": 6

NOT

 "ip_vesion": 6
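
Added example, not part of the original thread or the cookbook's code: a small lint for rule attributes that flags unknown keys such as the misspelled one above, so a rule meant for one IP version is not silently written for both. The allowed key list and the accepted `ip_version` values (4, 6, or a list of those) are assumptions based on this page; `lint_rules` and `edit_distance` are hypothetical helper names.

```ruby
require 'json'

# Keys accepted in a rule hash. Assumption: only the two keys shown on this
# page; extend the list with whatever else your cookbook version reads.
KNOWN_KEYS = %w[rule ip_version].freeze

# Plain Levenshtein distance, used to suggest the key that was probably meant.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca == cb ? 0 : 1)].min
    end
    prev = cur
  end
  prev.last
end

# Returns a list of findings for a hash of { rule_name => { key => value } }.
def lint_rules(rules)
  findings = []
  rules.each do |name, attrs|
    attrs.each_key do |key|
      next if KNOWN_KEYS.include?(key)
      guess = KNOWN_KEYS.min_by { |k| edit_distance(key, k) }
      hint = edit_distance(key, guess) <= 2 ? " (did you mean \"#{guess}\"?)" : ''
      findings << "#{name}: unknown key \"#{key}\"#{hint}"
    end
    # Assumption: ip_version is 4, 6, or a list of those; absent means both.
    bad = Array(attrs['ip_version']) - [4, 6]
    findings << "#{name}: invalid ip_version #{bad.inspect}" unless bad.empty?
    findings << "#{name}: missing \"rule\"" unless attrs['rule'].is_a?(String)
  end
  findings
end

# Constructed sample: the two rules from the report, one with the typo, one corrected.
SAMPLE = JSON.parse(<<~JSON)
  {
    "80-icmp":   { "rule": "-p icmp --icmp-type echo-request -j ACCEPT", "ip_vesion": 4 },
    "80-icmpv6": { "rule": "-p icmpv6 --icmpv6-type echo-request -j ACCEPT", "ip_version": 6 }
  }
JSON

puts lint_rules(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Running a check like this before converging also gives a place to compare the rendered IPv4 and IPv6 rule files against what was intended.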