geerlingguy / ansible-role-firewall

Ansible Role - iptables Firewall configuration.
https://galaxy.ansible.com/geerlingguy/firewall/
MIT License
529 stars 219 forks

nat rules are not flushed on stop #62

Closed jdelvecchio closed 4 years ago

jdelvecchio commented 5 years ago

Hi,

If you add a nat rule inside firewall_additional_rules and specify -t nat, when you stop the firewall service using systemctl stop firewall, the rule is still present.

I checked the systemd file; it uses ExecStop=/sbin/iptables -F, and in order to flush the nat rules too, we also need iptables -t nat -F.

Example of a rule that is not deleted after a stop:

firewall_additional_rules:
  - "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE"

Regards, Julien
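A check for the behaviour reported above, as an added example that is not part of the original issue or of the role's code: it parses `iptables-save` output and lists every table that still holds rules after the service stops, together with the flush command for that table. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: find iptables tables that still hold rules after a "stop".

# Reads `iptables-save` output on stdin and prints "<table> <rule-count>"
# for every table that still contains at least one appended (-A) rule.
leftover_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }  # "*nat" opens a table section
        /^-A / { count[table]++ }               # one line per remaining rule
        END    { for (t in count) print t, count[t] }
    ' | sort
}

# Prints (does not run) the flush command for each table with leftovers.
flush_commands() {
    leftover_rules | while read -r table count; do
        echo "iptables -t $table -F"
    done
}

# Constructed sample: what iptables-save could show after `iptables -F`
# has emptied the filter table while the nat rule from the issue remains.
sample_after_stop() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Demo on the constructed sample. On a live host, as root:
#   systemctl stop firewall && iptables-save | leftover_rules
sample_after_stop | leftover_rules
sample_after_stop | flush_commands
```

An empty result from `leftover_rules` after `systemctl stop firewall` means every table was flushed; any line it prints names a table that is still translating or filtering traffic.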

stale[bot] commented 4 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

stale[bot] commented 4 years ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.