Failure to add default tail rules
titleistfour opened this issue · 3 comments
titleistfour commented
This module looks really promising!
I'm testing this module out on a CentOS 7 box, with all the latest patches. Following the original blog post here, this task generates an error:
- name: Set default iptables tail rules
  iptables_raw:
    name: iptables_default_tail
    weight: 99
    keep_unmanaged: "{{ iptables_keep_unmanaged }}"
    state: "{{ (iptables_default_tail != '') | ternary('present','absent') }}"
    rules: "{{ iptables_default_tail }}'"
  tags: iptables
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Bad iptables rule '''! You can only use -A/--append, -N/--new-chain and -P/--policy to specify rules."}
My defaults/main.yml is from the same blog post
---
# Default head (allow) rules
iptables_default_head: |
  -P INPUT ACCEPT
  -P FORWARD ACCEPT
  -P OUTPUT ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -i lo -j ACCEPT
  -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# Default tail (deny) rules
iptables_default_tail: |
  -A INPUT -j REJECT
  -A FORWARD -j REJECT

iptables_custom_rules: []
# Example:
# iptables_custom_rules:
#   - name: open_port_12345 # 'iptables_custom_rules_' will be prepended to this
#     rules: "-A INPUT -p tcp --dport 12345 -j ACCEPT"
#     state: present
#     weight: 40
#     ipversion: 4
#     table: filter
#
# NOTE: 'name', 'rules' and 'state' are required, others are optional.

# By default this role deletes all iptables rules which are not managed by Ansible.
# Set this to 'yes', if you want the role to keep unmanaged rules.
iptables_keep_unmanaged: no
Any ideas on what is causing the failure?
Thanks,
Jay
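A pre-flight check for rule blocks like the ones above, written as an added example for this thread; it is not code from the iptables_raw module or from the role. It reproduces the failing template (the YAML `|` block ends with a newline, so the stray `'` becomes a rule line of its own, which is exactly the `'''` in the error message), and it also flattens head/custom/tail blocks by weight and flags any ACCEPT that would sit behind a catch-all REJECT/DROP in the same chain, since iptables stops at the first match and a mis-weighted tail would lock out port 22 before the allow rule is reached. The rule blocks are constructed copies of the defaults posted above; the tail weight 99 and custom weight 40 come from the page, while the head weight of 10 and the function names are assumptions for this example.

```python
import re

# Constructed copies of the two rule blocks from the defaults/main.yml above.
# A YAML "|" literal block ends with a newline, which matters below.
DEFAULT_HEAD = (
    "-P INPUT ACCEPT\n"
    "-P FORWARD ACCEPT\n"
    "-P OUTPUT ACCEPT\n"
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
    "-A INPUT -i lo -j ACCEPT\n"
    "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT\n"
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\n"
)
DEFAULT_TAIL = "-A INPUT -j REJECT\n-A FORWARD -j REJECT\n"

# The only rule forms the module accepts, per the error message in the report.
ALLOWED_PREFIXES = ("-A ", "--append ", "-N ", "--new-chain ", "-P ", "--policy ")


def bad_rules(rules):
    """Return the lines of a rules block that the module would reject."""
    return [
        line for line in rules.splitlines()
        if line.strip() and not line.lstrip().startswith(ALLOWED_PREFIXES)
    ]


def render_tail_with_typo():
    """Reproduce the template from the report: the trailing single quote
    lands on its own line after the block's final newline."""
    return DEFAULT_TAIL + "'"


def assemble(blocks):
    """Flatten rule blocks into one list, lowest weight first, which is the
    order the role applies them in (head before custom before tail)."""
    ordered = sorted(blocks, key=lambda b: b["weight"])
    return [
        line.strip()
        for b in ordered
        for line in b["rules"].splitlines()
        if line.strip()
    ]


APPEND_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")
CATCHALL_RE = re.compile(r"-j (REJECT|DROP)")


def lockout_risks(lines):
    """Flag every ACCEPT that follows a catch-all REJECT/DROP in the same
    chain: iptables matches first, so such an ACCEPT never fires."""
    catchall = {}
    risks = []
    for line in lines:
        m = APPEND_RE.match(line)
        if not m:
            continue
        chain, spec = m.groups()
        if CATCHALL_RE.fullmatch(spec):
            catchall[chain] = line
        elif spec.endswith("-j ACCEPT") and chain in catchall:
            risks.append((catchall[chain], line))
    return risks


def default_blocks(head_weight=10, tail_weight=99):
    """Head, one custom rule, and tail. Weights 99 (tail) and 40 (custom) are
    from the page; 10 for the head is an assumption for this example."""
    return [
        {"name": "iptables_default_head", "weight": head_weight, "rules": DEFAULT_HEAD},
        {"name": "iptables_custom_rules_open_port_12345", "weight": 40,
         "rules": "-A INPUT -p tcp --dport 12345 -j ACCEPT"},
        {"name": "iptables_default_tail", "weight": tail_weight, "rules": DEFAULT_TAIL},
    ]


if __name__ == "__main__":
    print("rejected by module:", bad_rules(render_tail_with_typo()))
    lines = assemble(default_blocks())
    print("\n".join(lines))
    print("lockout risks:", lockout_risks(lines))
    print("tail before head:", lockout_risks(assemble(default_blocks(tail_weight=5))))
```

Running this as a pre-task (or as a local check before a play) catches both kinds of mistake before anything touches the live ruleset: a quoting slip that the module would refuse, and a weight ordering that the module would happily apply but that would reject SSH before the allow rule is reached.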
titleistfour commented
Sorry about that, it seems I had a random single quote in there that was causing the problem.
Thanks for the great module! I'm hoping it gets included in 2.2.
Jay
kustodian commented
Thanks. Would be great if you could thumb up the PR :)
titleistfour commented
Sure thing!