Closed sid255 closed 2 years ago
iptables -F
present both in:
is a command to never execute when your chain policies are different from ACCEPT. Can you confirm this is your case, @sid255?
Maybe supporting a configurable default var firewall_flush_commands that defaults to current iptables -F with a README note that proposes to execute the following consecutive commands
iptables -w 45 -P INPUT ACCEPT; iptables -w 45 -P FORWARD ACCEPT; iptables -w 45 -P OUTPUT ACCEPT; iptables -w 45 -F
as a proposal for people in this situation would solve the problem?
edit: merge request #87, aiming to solve the specific case of interaction with docker daemon managed rules mentioned in #82, has an alternative proposal to disable the initial flush and systemd ExecStop altogether
ok, I've opened PR #89 as a proposal to fix this issue
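The ordering discussed above, as an added example (not code from the role or from anyone in this thread): it reads iptables -S output, finds the built-in chains whose policy is not ACCEPT, and prints the policy resets that have to come before the flush so an existing SSH session is not dropped. The function names and the sample ruleset are constructed for illustration; nothing is executed against the firewall.

```shell
#!/bin/sh
# Added example: plan a flush that does not cut off the host.
# Input is the output of `iptables -S` (filter table) on stdin.

# Print the built-in chains whose default policy is not ACCEPT.
# After a bare "iptables -F" these chains would drop all traffic,
# because the ACCEPT rules are gone but the policy remains.
non_accept_chains() {
    awk '$1 == "-P" && $3 != "ACCEPT" { print $2 }'
}

# Print the commands to run, in order: reset each restrictive policy
# to ACCEPT first, then flush. Uses the same "-w 45" lock wait as the
# command sequence quoted in the thread.
safe_flush_plan() {
    for chain in $(non_accept_chains); do
        printf 'iptables -w 45 -P %s ACCEPT\n' "$chain"
    done
    printf 'iptables -w 45 -F\n'
}

# Constructed sample: SSH is allowed by rule, everything else is
# dropped by policy (the situation that causes the lockout).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Print the plan for the constructed sample.
demo() {
    printf '%s\n' "$SAMPLE_RULES" | safe_flush_plan
}

demo
# On a live host the input would come from: iptables -S | safe_flush_plan
```

When every policy is already ACCEPT the plan is the single flush command, which is the case where the role's current behaviour is harmless.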
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
When I run this role on my remote servers, the first task of flushing iptables is causing ssh lockdown and disconnection. I had to add the default rules task before flushing to make it work. Is this normal behavior or am I doing something wrong?