Add variable for enabling ipv6/ip6tables configuration

geerlingguy / ansible-role-firewall

Ansible Role - iptables Firewall configuration.

https://galaxy.ansible.com/geerlingguy/firewall/

MIT License

524 stars 217 forks source link

Add variable for enabling ipv6/ip6tables configuration #64

Closed jyaworski closed 4 years ago

jyaworski commented 5 years ago

Needed for when IPv6 is disabled on the machine, yet the ip6tables binary is installed because iptables is installed:

[root@localhost ~]# yum provides /sbin/ip6tables
iptables-1.4.21-28.el7.x86_64 : Tools for managing Linux kernel packet filtering capabilities
Repo        : @cr
Matched from:
Filename    : /sbin/ip6tables

geerlingguy commented 4 years ago

As it turns out, I believe this flag is necessary to fix sudden test failures (e.g. see below, from this test run: https://travis-ci.org/geerlingguy/ansible-role-firewall/jobs/595189408#L930) that started today.

Oct 0d[1]: Starting Firewall...
931Oct 08 16:02:01 instance firewall.bash[429]: ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
932Oct 08 16:02:01 instance firewall.bash[429]: Perhaps ip6tables or your kernel needs to be upgraded.