[
https://issues.apache.org/jira/browse/BROOKLYN-36?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14134488#comment-14134488
]
ASF GitHub Bot commented on BROOKLYN-36:
----------------------------------------
Github user andreaturli commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/62#discussion_r17569005
--- Diff:
utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java ---
@@ -27,43 +27,56 @@
public class IptablesCommandsTest {
- private static final String cleanUptptablesRules = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi
)";
+ private static final String cleanUptptablesRules = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi
)";
- public static final String insertIptablesRule = "( if test \"$UID\" -eq
0; then ( /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p tcp
--dport 3306 -j ACCEPT; fi )";
- public static final String appendIptablesRule = "( if test \"$UID\" -eq
0; then ( /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p tcp
--dport 3306 -j ACCEPT; fi )";
- public static final String insertIptablesRuleAll = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport
3306 -j ACCEPT; fi )";
- public static final String appendIptablesRuleAll = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
- + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport
3306 -j ACCEPT; fi )";
-
- @Test
- public void testCleanUpIptablesRules() {
- Assert.assertEquals(IptablesCommands.cleanUpIptablesRules(),
cleanUptptablesRules);
- }
+ public static final String insertIptablesRule = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+ + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p
tcp --dport 3306 -j ACCEPT; fi )";
+ private static final String appendIptablesRule = "( if test \"$UID\"
-eq 0; then ( /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+ + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p
tcp --dport 3306 -j ACCEPT; fi )";
+ private static final String insertIptablesRuleAll = "( if test
\"$UID\" -eq 0; then ( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT );
"
+ + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp
--dport 3306 -j ACCEPT; fi )";
+ private static final String appendIptablesRuleAll = "( if test
\"$UID\" -eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT );
"
+ + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp
--dport 3306 -j ACCEPT; fi )";
+ private static final String saveIptablesRules = "( ( if test \"$UID\"
-eq 0; then ( service iptables save ); else sudo -E -n -S -- service iptables
save; fi ) || " +
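Review bot: The constant `cleanUptptablesRules` on the first added line keeps a misspelled name; since the line is being rewritten anyway, rename it to `cleanUpIptablesRules` so it matches `IptablesCommands.cleanUpIptablesRules()`, the method the removed test called. Visibility is also inconsistent after this change: `insertIptablesRule` is still `public static final` while `cleanUptptablesRules`, `appendIptablesRule`, `insertIptablesRuleAll`, `appendIptablesRuleAll` and `saveIptablesRules` are `private static final`; make it private too unless something outside this test class reads it. The visible part of the hunk removes `testCleanUpIptablesRules()` without showing a replacement, so please confirm it is re-added lower in the file and the `/sbin/iptables -F` expectation keeps its coverage.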
--- End diff --
`iptables-persistent` saves the current IPv4 and IPv6 firewall rules during
the installation.
So `saveIptablesRules` needs to invoke
`sudo /etc/init.d/iptables-persistent save`, as explained
[here](http://askubuntu.com/questions/119393/how-to-save-rules-of-the-iptables),
to save rules using `iptables-persistent`.
Notice also that as we enable `DEBIAN_FRONTEND=noninteractive` for apt-get
install, the problem described
[here](http://askubuntu.com/questions/339790/how-can-i-prevent-apt-get-aptitude-from-showing-dialogs-during-installation)
is solved.
I've tested the command in an empirical test on a CentOS 6 server and a
Debian 7 server.
> IptablesCommands.saveIptablesRules doesn't work as expected
> -----------------------------------------------------------
>
> Key: BROOKLYN-36
> URL: https://issues.apache.org/jira/browse/BROOKLYN-36
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Andrea Turli
> Assignee: Andrea Turli
> Priority: Minor
> Fix For: 0.7.0-SNAPSHOT
>
>
> This needs to be revisited as the behavior is not as described at
> http://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently,
> for example