[
https://issues.apache.org/jira/browse/CLOUDSTACK-9848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938293#comment-15938293
]
Jayapal Reddy commented on CLOUDSTACK-9848:
-------------------------------------------
Currently, for add_chain the exit status is not checked because the iptables
rule add processing fails when an iptables chain policy is added. Please see my
debug log below.
For '-P INPUT DROP', the compare method is trying to add a chain without a name
(actually there is no need to add a chain for a policy add rule): 'iptables -t
filter -N'
2017-03-23 09:34:06,048 CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048 CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056 configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:
> VR commands exist status is not checked in python config files
> --------------------------------------------------------------
>
> Key: CLOUDSTACK-9848
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9848
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Jayapal Reddy
> Assignee: Jayapal Reddy
>
> When iptables rules are configured on the VR, failures or exceptions are not
> detected in the VR because the iptables commands' exit/return status is not
> checked. Also, in the exception catch, the failure is not returned.
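Added example, not CloudStack code and not part of the original message: one way to check the exit status of every iptables command while never emitting a bare '-N' for a policy rule such as the '-P INPUT DROP' entry in the log above. All function names, the FW_EXAMPLE chain and the rule that the chain name is the word after -A or -I are assumptions made for illustration.

```python
import subprocess

class CommandFailed(Exception):
    """A command returned a non-zero exit status."""

def run_checked(argv, runner=subprocess.run):
    """Run argv; raise CommandFailed unless the exit status is 0."""
    proc = runner(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        raise CommandFailed("{} exited {}: {}".format(
            " ".join(argv), proc.returncode, proc.stderr.strip()))
    return proc.stdout

def chain_of(rule):
    """Return the chain a rule appends/inserts into, or None.

    Assumption: the chain is the word after -A or -I. A policy rule
    such as '-P INPUT DROP' names no chain to create, so it yields None.
    """
    words = rule.split()
    for flag in ("-A", "-I"):
        if flag in words[:-1]:
            return words[words.index(flag) + 1]
    return None

def commands_for(fw_entry, existing_chains):
    """Build iptables argv lists for one [table, <unused>, rule] entry."""
    table, _unused, rule = fw_entry
    cmds = []
    chain = chain_of(rule)
    if chain and chain not in existing_chains:  # never emit a bare '-N'
        cmds.append(["iptables", "-t", table, "-N", chain])
        existing_chains.add(chain)              # create each chain once
    cmds.append(["iptables", "-t", table] + rule.split())
    return cmds

def apply_rules(fw, existing_chains, runner=subprocess.run):
    """Apply all entries; return [(argv, error)] so the caller can fail."""
    failures = []
    for entry in fw:
        for argv in commands_for(entry, existing_chains):
            try:
                run_checked(argv, runner)
            except CommandFailed as exc:
                failures.append((argv, str(exc)))
    return failures
```

A caller would treat a non-empty result from apply_rules as a configuration failure and return it upward instead of continuing.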