Github user andreaturli commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/62#discussion_r17569005
--- Diff:
utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java ---
@@ -27,43 +27,56 @@
public class IptablesCommandsTest {
- private static final String cleanUptptablesRules = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi
)";
+ private static final String cleanUptptablesRules = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi
)";
- public static final String insertIptablesRule = "( if test \"$UID\" -eq
0; then ( /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p tcp
--dport 3306 -j ACCEPT; fi )";
- public static final String appendIptablesRule = "( if test \"$UID\" -eq
0; then ( /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p tcp
--dport 3306 -j ACCEPT; fi )";
- public static final String insertIptablesRuleAll = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport
3306 -j ACCEPT; fi )";
- public static final String appendIptablesRuleAll = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport
3306 -j ACCEPT; fi )";
-
- @Test
- public void testCleanUpIptablesRules() {
- Assert.assertEquals(IptablesCommands.cleanUpIptablesRules(),
cleanUptptablesRules);
- }
+ public static final String insertIptablesRule = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+ + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p
tcp --dport 3306 -j ACCEPT; fi )";
+ private static final String appendIptablesRule = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+ + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p
tcp --dport 3306 -j ACCEPT; fi )";
+ private static final String insertIptablesRuleAll = "( if test
\"$UID\" -eq 0; then ( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT );
"
+ + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp
--dport 3306 -j ACCEPT; fi )";
+ private static final String appendIptablesRuleAll = "( if test
\"$UID\" -eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT );
"
+ + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp
--dport 3306 -j ACCEPT; fi )";
+ private static final String saveIptablesRules = "( ( if test \"$UID\"
-eq 0; then ( service iptables save ); else sudo -E -n -S -- service iptables
save; fi ) || " +
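Review bot: `insertIptablesRule` is still declared `public static final` in the added lines, while the other expected-string constants in this hunk are `private`; make it `private` as well unless another test reads it. The name `cleanUptptablesRules` also carries a typo forward (`tptables`), and since that line is rewritten here it could become `cleanUpIptablesRules`. The removed `testCleanUpIptablesRules` method is not re-added in the quoted portion, so please confirm that constant is still asserted somewhere. The new `saveIptablesRules` expectation begins with `service iptables save` before the `||`, so check that the alternative after it is asserted too.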
--- End diff --
`iptables-persistent` saves the current IPv4 and IPv6 firewall rules during
the installation.
So `saveIptablesRules` needs to invoke `sudo /etc/init.d/iptables-persistent
save`, as explained
[here](http://askubuntu.com/questions/119393/how-to-save-rules-of-the-iptables),
to save rules using `iptables-persistent`.
Notice also that as we enable `DEBIAN_FRONTEND=noninteractive` for apt-get
install, the problem described
[here](http://askubuntu.com/questions/339790/how-can-i-prevent-apt-get-aptitude-from-showing-dialogs-during-installation)
is solved.
I've tested the command on an empirical test on a CentOS 6 server and a
Debian 7 server.
---
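The two save paths named in the comment above, as an added shell example that is not part of the pull request or of Brooklyn's code: it probes for the init script, fails closed when neither is present, and wraps the result in the same root-or-sudo form as the expected strings in the diff. The function names and the `ROOT` prefix argument are hypothetical, introduced so the probe can run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: choose the command that persists the running iptables rules.

# persist_cmd [ROOT]
# ROOT is a hypothetical filesystem prefix for offline testing; leave it
# empty on a real host so the probe looks at /etc/init.d directly.
persist_cmd() {
    root="${1:-}"
    if [ -e "$root/etc/init.d/iptables-persistent" ]; then
        # Debian/Ubuntu with the iptables-persistent package installed
        echo "/etc/init.d/iptables-persistent save"
    elif [ -e "$root/etc/init.d/iptables" ]; then
        # CentOS 6 style init script
        echo "service iptables save"
    else
        # Fail closed: reporting success here would leave rules that
        # silently disappear on the next reboot.
        echo "no known iptables persistence mechanism under '$root/'" >&2
        return 1
    fi
}

# as_root CMD
# Same wrapper shape as the expected strings in the diff: run CMD directly
# when already root, otherwise through non-interactive sudo.
as_root() {
    printf '( if test "$UID" -eq 0; then ( %s ); else sudo -E -n -S -- %s; fi )\n' "$1" "$1"
}

# persist_script [ROOT]
# Full command line to send over SSH, or a non-zero status if the host
# has no recognised way to save its rules.
persist_script() {
    cmd=$(persist_cmd "${1:-}") || return 1
    as_root "$cmd"
}
```
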