[
https://issues.apache.org/jira/browse/BROOKLYN-36?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14131301#comment-14131301
]
ASF GitHub Bot commented on BROOKLYN-36:
----------------------------------------
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/62#discussion_r17469549
--- Diff:
utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java ---
@@ -27,43 +27,56 @@
public class IptablesCommandsTest {
- private static final String cleanUptptablesRules = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi
)";
+ private static final String cleanUptptablesRules = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi
)";
- public static final String insertIptablesRule = "( if test \"$UID\" -eq
0; then ( /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p tcp
--dport 3306 -j ACCEPT; fi )";
- public static final String appendIptablesRule = "( if test \"$UID\" -eq
0; then ( /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p tcp
--dport 3306 -j ACCEPT; fi )";
- public static final String insertIptablesRuleAll = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport
3306 -j ACCEPT; fi )";
- public static final String appendIptablesRuleAll = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport
3306 -j ACCEPT; fi )";
-
- @Test
- public void testCleanUpIptablesRules() {
- Assert.assertEquals(IptablesCommands.cleanUpIptablesRules(),
cleanUptptablesRules);
- }
+ public static final String insertIptablesRule = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+ + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p
tcp --dport 3306 -j ACCEPT; fi )";
+ private static final String appendIptablesRule = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+ + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p
tcp --dport 3306 -j ACCEPT; fi )";
+ private static final String insertIptablesRuleAll = "( if test
\"$UID\" -eq 0; then ( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT );
"
+ + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp
--dport 3306 -j ACCEPT; fi )";
+ private static final String appendIptablesRuleAll = "( if test
\"$UID\" -eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT );
"
+ + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp
--dport 3306 -j ACCEPT; fi )";
+ private static final String saveIptablesRules = "( ( if test \"$UID\"
-eq 0; then ( service iptables save ); else sudo -E -n -S -- service iptables
save; fi ) || " +
--- End diff --
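Review bot: `insertIptablesRule` is still declared `public static final` on the added side, while `appendIptablesRule`, `insertIptablesRuleAll` and `appendIptablesRuleAll` change from `public` to `private`; these are all expected-value fixtures for this test class, so make it `private` as well. The constant name `cleanUptptablesRules` is misspelled (`Uptptables`), and since its line is rewritten here anyway it could be renamed to `cleanUpIptablesRules`. The new `saveIptablesRules` expected string only pins the text of the generated command (`service iptables save` followed by a `||` fallback), so an equality check against it says nothing about whether the rules survive a restart.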
To save the iptables rules, will installing `iptables-persistent` really do that?
I thought that would just restore the iptables on restart based on the contents of
either `/etc/iptables/rules.v4` or `/etc/iptables/rules.v6`. Would we not also need
to do `dpkg-reconfigure iptables-persistent` or
`iptables-save >/etc/iptables/rules.v4`?
But empirical evidence (and ideally live tests!) trumps everything else.
See http://unix.stackexchange.com/questions/125833/why-isnt-the-iptables-persistent-service-saving-my-changes
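One way to check the gap raised in the comment above, as an added example that is not part of the original message or of Brooklyn's code: it compares a live `iptables-save` dump with the persisted file (such as `/etc/iptables/rules.v4`) and lists rules that exist only in the running ruleset. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample dumps are constructed; function names are hypothetical.

# Constructed live dump: the running ruleset after the port 3306 rule was inserted.
sample_live() { cat <<'EOF'
# Generated by iptables-save on Fri Sep 12 10:00:00 2014
*filter
:INPUT ACCEPT [120:9000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [80:7000]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
# Completed on Fri Sep 12 10:00:00 2014
EOF
}

# Constructed saved file that was never refreshed after the rule was added.
sample_stale() { sample_live | sed -e '/--dport 3306/d' -e 's/\[120:9000\]/[7:512]/'; }

# Drop what changes between dumps without the rules changing: "#" comment
# lines (timestamps) and the [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/g' -e 's/[[:space:]]*$//' "$1"
}

# rules_persisted LIVE_DUMP SAVED_FILE
# 0 = same rules, 1 = rules differ, 2 = saved file missing or empty.
rules_persisted() {
    [ -s "$2" ] || return 2
    [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ] || return 1
    return 0
}

# Print the rules that exist only in the live dump, i.e. those a reboot would drop.
unsaved_rules() {
    saved_tmp=$(mktemp) || return 2
    normalize_rules "$2" > "$saved_tmp" 2>/dev/null || true
    normalize_rules "$1" | grep -vxF -f "$saved_tmp" || true
    rm -f "$saved_tmp"
}

# Real use (assumed invocation, needs root):
#   iptables-save > /tmp/live.rules
#   rules_persisted /tmp/live.rules /etc/iptables/rules.v4 \
#       || unsaved_rules /tmp/live.rules /etc/iptables/rules.v4
```

A live test of the save command can call `rules_persisted` right after it runs; exit status 1 or 2 means the rule would not come back after a restart.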
> IptablesCommands.saveIptablesRules doesn't work as expected
> -----------------------------------------------------------
>
> Key: BROOKLYN-36
> URL: https://issues.apache.org/jira/browse/BROOKLYN-36
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Andrea Turli
> Assignee: Andrea Turli
> Priority: Minor
> Fix For: 0.7.0-SNAPSHOT
>
>
> This needs to be revisited as the behavior is not as described at
> http://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently,
> for example