I believe you need to use "match: conntrack" instead of "match: state" when
using ctstate.
On Friday, March 18, 2016 at 10:07:49 PM UTC+1, Joshua Kugler wrote:
>
> I'm trying to use the iptables module, and I *think* I'm hitting a bug. Wanted
> a sanity check before I open a bug report. This is Ansible 2.0.0.2. The action
> looks like this:
>
> - name: Update IPtables rules
>   iptables:
>     chain: INPUT
>     match: state
>     ctstate: NEW,RELATED,ESTABLISHED
>     destination_port: 6556
>     protocol: tcp
>     jump: ACCEPT
>
> It's failing with this:
>
> fatal: [ubuntu:]: FAILED! => {
>     "changed": false,
>     "cmd": "\/sbin\/iptables -t filter -A INPUT -p tcp -m state -j ACCEPT --destination-port 6556 -m state --state NEW,RELATED,ESTABLISHED",
>     "failed": true,
>     "msg": "iptables v1.4.21: state: option \"--state\" must be specified\n\nTry `iptables -h' or 'iptables --help' for more information.",
>     "rc": 2,
>     "stderr": "iptables v1.4.21: state: option \"--state\" must be specified\n\nTry `iptables -h' or 'iptables --help' for more information.\n",
>     "stdout": "",
>     "stdout_lines": []
> }
>
> The command it's trying to run is this:
>
> -t filter -A INPUT -p tcp -m state -j ACCEPT --destination-port 6556 -m state --state NEW,RELATED,ESTABLISHED
>
> Notice how it puts an '-m state' before the '-j ACCEPT' and then it does the
> '-m state --state ...' properly later.
>
> Bug? Or something I'm missing?
>
> j
>
>
>
> --
> Joshua J. Kugler - Fairbanks, Alaska
> Azariah Enterprises - Programming and Website Design
> [email protected] - Jabber: [email protected]
> PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a322a127-e227-44be-bd34-dd047cf1d683%40googlegroups.com.