RHEL 5.7
I need to duplicate this command (that does work):
    # allow (udp) dns from IP range
    /sbin/iptables -A INPUT -p udp -s 10.0.0.0/8 --sport domain --dport 1025:65535 -j ACCEPT
So I tried:
    firewall { "011 a allow DNS":
      proto  => 'udp',
      sport  => 'domain',
      dport  => '1025-65535',
      source => ['10.0.0.0/8'],
      action => 'accept',
    }
And it says:
    err: /Firewall[011 a allow DNS]: Could not evaluate: Execution of '/sbin/iptables -R INPUT 16 -t filter -s 10.0.0.0/8 -p udp -m multiport --sports 53 -m multiport --dports 1025:65535 -m comment --comment 011 a allow DNS -j ACCEPT' returned 2: Try `iptables -h' or 'iptables --help' for more information.
So I pull from the log:
    /sbin/iptables -I INPUT 4 -t filter -s 10.0.0.0/8 -p udp -m multiport --sports 53 -m multiport --dports 1025:65535 -m comment --comment 011 a allow DNS -j ACCEPT
and it says:
    Bad argument `1025:65535'
    Try `iptables -h' or 'iptables --help' for more information.

    firewall { "011 a allow DNS":
      proto  => 'udp',
      sport  => '53',
      source => ['10.0.0.0/8'],
      action => 'accept',
    }

    -A INPUT -s 10.0.0.0/255.0.0.0 -p udp -m multiport --sports 53 -m comment --comment "011 a allow DNS" -j ACCEPT

    firewall { "011 a allow DNS":
      proto  => 'udp',
      sport  => '53',
      dport  => '1025',
      source => ['10.0.0.0/8'],
      action => 'accept',
    }

    err: /Firewall[011 a allow DNS]: Could not evaluate: Execution of '/sbin/iptables -R INPUT 13 -t filter -s 10.0.0.0/8 -p udp -m multiport --sports 53 -m multiport --dports 1025 -m comment --comment 011 a allow DNS -j ACCEPT' returned 2: Try `iptables -h' or 'iptables --help' for more information.

“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Watterson (Calvin & Hobbes)