geerlingguy / ansible-role-firewall

Ansible Role - iptables Firewall configuration.
https://galaxy.ansible.com/geerlingguy/firewall/
MIT License
524 stars 217 forks

Using "firewall_flush_rules_and_chains" #80

Closed alexeychusta closed 3 years ago

alexeychusta commented 3 years ago

When "firewall_flush_rules_and_chains:" is false

"Iptables.bash.js" template is missing "iptables -F"

But in "firewall.unit.j2" there is "ExecStop = /sbin/iptables -F"

And when the service restarts, all additional chains and rules are deleted

stale[bot] commented 3 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

stale[bot] commented 3 years ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

kare commented 9 months ago

I'm using @geerlingguy ansible-role-firewall with ansible-role-docker and it seems that the ports exposed via docker run -p 7171:32200 and opened in firewall with:

firewall_allowed_tcp_ports:
  - 7171

are not opened to the public as they should be (I've had only temporary access to those ports). I've verified access to ports with nc -v -w 2 -z example.com 7171. Port 7171 is accessible on localhost.

There is a current non-conflicting PR #106 opened by @vitabaks. I haven't tested it yet, but based on my review it would fix this issue.

Is it possible to get it tested, reviewed and merged?
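Both reports in this thread (the original one, where the unit's `ExecStop = /sbin/iptables -F` wipes chains the role did not create, and kare's, where a Docker-published port stops being reachable after a while) come down to the same question: which rules and chains exist before the firewall service restarts, and which are gone afterwards. The following is an added example, not code from this role or from any of the commenters. It parses two `iptables-save` snapshots (the sample snapshots below are constructed to resemble a host running this role next to Docker; the IP, port numbers and chain contents are illustrative only) and reports what was lost, plus whether a given port is still accepted in INPUT. On a real host you would feed it the output of `iptables-save` captured before and after `systemctl restart firewall`.

```python
"""Compare two iptables-save snapshots and report chains and rules that vanished.

Added example (not part of the ansible-role-firewall project). The snapshots
below are constructed; replace them with real `iptables-save` output.
"""
import re

# Constructed sample: filter table before the firewall service restarts.
# The role's own INPUT rules sit next to chains that Docker maintains.
BEFORE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7171 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 32200 -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT
"""

# Constructed sample: the same table after a restart whose ExecStop flushed
# everything and whose ExecStart only re-created the role's own rules.
AFTER = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7171 -j ACCEPT
COMMIT
"""

TABLE_RE = re.compile(r"^\*(\w+)$")                      # *filter
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[\d+:\d+\]$")  # :NAME POLICY [pkts:bytes]
RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")             # -A CHAIN <match/target>
DPORT_RE = re.compile(r"--dport\s+(\d+)")


def parse_iptables_save(text):
    """Return {table: {"chains": {name: policy}, "rules": [(chain, spec)]}}."""
    tables = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = TABLE_RE.match(line)
        if m:
            current = tables.setdefault(m.group(1), {"chains": {}, "rules": []})
            continue
        if line == "COMMIT":
            current = None
            continue
        if current is None:
            raise ValueError(f"line outside a table block: {line}")
        m = CHAIN_RE.match(line)
        if m:
            current["chains"][m.group(1)] = m.group(2)
            continue
        m = RULE_RE.match(line)
        if m:
            current["rules"].append((m.group(1), m.group(2)))
            continue
        raise ValueError(f"unrecognised iptables-save line: {line}")
    return tables


def diff_snapshots(before_text, after_text, table="filter"):
    """Chains and rules present in `before_text` but absent from `after_text`."""
    empty = {"chains": {}, "rules": []}
    before = parse_iptables_save(before_text).get(table, empty)
    after = parse_iptables_save(after_text).get(table, empty)
    lost_chains = sorted(set(before["chains"]) - set(after["chains"]))
    after_rules = set(after["rules"])
    lost_rules = [r for r in before["rules"] if r not in after_rules]
    return lost_chains, lost_rules


def port_accepted(text, port, proto="tcp", chain="INPUT", table="filter"):
    """True if some rule in `chain` jumps to ACCEPT for `proto` traffic to `port`."""
    parsed = parse_iptables_save(text).get(table, {"chains": {}, "rules": []})
    for rule_chain, spec in parsed["rules"]:
        if rule_chain != chain or f"-p {proto}" not in spec or "-j ACCEPT" not in spec:
            continue
        m = DPORT_RE.search(spec)
        if m and int(m.group(1)) == port:
            return True
    return False


if __name__ == "__main__":
    chains, rules = diff_snapshots(BEFORE, AFTER)
    print("chains lost across restart:", chains)
    for chain, spec in rules:
        print(f"rule lost: -A {chain} {spec}")
    for port in (7171, 32200):
        print(f"tcp/{port} accepted in INPUT after restart:", port_accepted(AFTER, port))
```

The report on the constructed data shows exactly the symptom described above: the role's own INPUT rule for 7171 survives, while the DOCKER and DOCKER-USER chains and their rules are gone, so the container behind the published port is no longer reachable through FORWARD. Running the same diff on real snapshots is a quick way to confirm whether a unit's ExecStop is removing state that something other than the role owns.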

kare commented 9 months ago

@geerlingguy Please re-open this issue, thanks

kare commented 9 months ago

Are these PRs relevant?

What would be the approach for a PR to get #80 and #82 fixed, merged and released?