On Thu, Jul 7, 2016 at 6:44 AM, Strahinja Kustudić <[email protected]> wrote:
> We wrote a new module called iptables_raw (docs) to make it easy to manage
> iptables. The module has the following features:
>
> - use iptables syntax to define rules
> - keep iptables state
> - order rules by weight
> - support different iptables tables (filter, nat, raw, ...)
> - management of unmanaged rules
> - ip6tables
> - safe flushing of table rules
>
> I wrote a blog post which explains how we use this module and how we manage
> iptables with it. Give it a read, try the module and tell us what you think,
> feedback would be much appreciated.

Kudos on saving the state and providing locking around that state. As long as you can ensure that this module is the only thing manipulating iptables on the hosts you are managing, then there should be no issues. In the project I work on, we don't have that guarantee, so we work around it by adding a chain to minimize the possibility of conflicts with other services managing iptables. It doesn't completely solve the issue, but it has improved reliability in practice.

--
Jason DeTiberus
