[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938293#comment-15938293
 ] 

Jayapal Reddy edited comment on CLOUDSTACK-9848 at 3/23/17 1:30 PM:
--------------------------------------------------------------------

Currently, for add_chain the exit status is not checked, because the iptables 
rule add processing fails when an iptables chain policy is added. This needs to be 
fixed.

Please see my debug log below.
For '-P INPUT DROP', the compare method tries to add a chain without a name 
(actually there is no need to add a chain for a policy add rule): 'iptables -t 
filter -N'


2017-03-23 09:34:06,048  CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048  CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056  configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:



was (Author: jayapal):
Currently, for add_chain the exit status is not checked, because the iptables 
rule add processing fails when an iptables chain policy is added. Please see my 
debug log below.

For '-P INPUT DROP', the compare method tries to add a chain without a name 
(actually there is no need to add a chain for a policy add rule): 'iptables -t 
filter -N'


2017-03-23 09:34:06,048  CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048  CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056  configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:


> VR commands exist status is not checked in python config files
> --------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9848
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9848
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>
> When iptables rules are configured on the VR, failures or exceptions are not 
> detected in the VR because the iptables commands' exit/return status is not 
> checked. Also, in the exception catch, failure is not returned.


