geerlingguy / ansible-role-firewall

Ansible Role - iptables Firewall configuration.
https://galaxy.ansible.com/geerlingguy/firewall/
MIT License

Make flushing on restart truly optional #87

Closed isuftin closed 2 years ago

isuftin commented 3 years ago

This update adds the conditional check for firewall_flush_rules_and_chains to also not include ExecStop when false.

A side effect of that is that the bash script that triggers on restart will add the same rules to iptables again, duplicating the rules.

Running iptables-save | awk '/^COMMIT$/ { delete x; }; !x[$0]++' | uniq | iptables-restore after all rules have been (re)added will read iptables, remove duplicates and persist the rules.

This operation is probably only needed when we're not flushing on restart but otoh it also doesn't hurt to scrub dupe rules from iptables as a general practice?
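The de-duplication pipeline from the comment above, exercised on a constructed `iptables-save` dump so it can be run without touching a live firewall; this is an added example, not code from the PR or from the role, and the sample dump plus the `dedupe_rules`, `count_rule`, `lines_before` and `lines_after` helpers are assumptions made for the demonstration. It shows the one property worth checking before adopting the filter: the `delete x` on `COMMIT` resets the seen-set per table, so a repeated rule inside the filter table is dropped while the same rule text in the mangle table survives.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (not captured from a real host):
# the filter table carries a duplicated INPUT rule, and the identical rule
# text appears once more in the mangle table, where it is a distinct rule
# that must be kept.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# The filter from the PR comment. awk keeps every line seen in the current
# table in array x and prints a line only the first time it appears; the
# "delete x" at each COMMIT empties that memory, so duplicates are removed
# per table rather than across the whole dump (whole-array delete is a
# gawk/mawk/busybox extension, widely available). uniq then squashes any
# adjacent repeats that are left. Matching is on exact rule text only.
dedupe_rules() {
    awk '/^COMMIT$/ { delete x; }; !x[$0]++' | uniq
}

# How many times a given rule line survives in the deduplicated dump.
count_rule() {
    printf '%s\n' "$SAMPLE_DUMP" | dedupe_rules | grep -c -F -x -- "$1"
}

# Line counts before and after, for a quick before/after comparison.
lines_before() { printf '%s\n' "$SAMPLE_DUMP" | wc -l | tr -d ' '; }
lines_after()  { printf '%s\n' "$SAMPLE_DUMP" | dedupe_rules | wc -l | tr -d ' '; }

# Show the scrubbed dump; on a real host this is what would be fed to iptables-restore.
printf '%s\n' "$SAMPLE_DUMP" | dedupe_rules
```

Because matching is textual, two rules that differ only in option order or in a counter value are not treated as duplicates, so the scrub is safe but not exhaustive.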

isuftin commented 3 years ago

Implements https://github.com/geerlingguy/ansible-role-firewall/issues/82

stale[bot] commented 2 years ago

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

stale[bot] commented 2 years ago

This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.