-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iptables module invokes match with singe quotes #23073
Comments
I think that the quoting is the right thing to do here. How about adding a |
Hello @dev00 Could you replace the "ISSUE TYPE" in the initial comment by "Feature Idea" instead of "Bug Report" Thank you |
@sebastiendarocha Done. Maybe we should add some information to the docs regarding working with ipset? |
Could we instead have an "extra_args" parameter to deal with these special cases? I also have another special case that is not the same. There was already another case solved previously. Seems like it will be endless Like this:
it would add "--zone 1" and "--match-set china src" to the command |
+1 |
Still need to run the commands manually |
@LinusU What do you think about cc @amolkahat |
Same issue but different Error on my side. When using the match option iptables is throwing an error because the match name is too long:
This error can be recreated on the machine by just typing the command invoked by ansible and is instantly working as expected as soon as the single quotes are removed from the command. |
The single quotes causes iptables to consume the entire string as the name of a module, and thus fails to dynamically load the module when executed. Also note that one can have multiple -m parameters since there are multiple modules, so I'm not sure how extra_args would work in this case. |
Quotes are invalid syntax for the iptables command. Is there any progress on a fix for this? |
I think that the |
why extra args? just treat match as a list and get rid of the quotes. iptables allows multiple match arguments. Additionally by getting rid of quotes you benefit other options like jump which will break if you try things like tproxy with it right now. Just eliminating quotes alone would fix a lot. |
+1 |
@paulramsey it's generally better to add a 👍 to the first comment and hit the subscribe button in the sidebar so you can vote for an issue and subscribe to future notifications on that issue without spamming everyone who's already subscribed. |
Is there any news about this issue? |
I am waiting for the this feature to be done too. need to load multiple match and respective args. |
waiting_on_contributor |
Just would like to point, in case this gets added, that we already have two names for this: pip module uses extra_args as a string, unarchive uses extra_opts as a list. |
Thank you very much for your submission to Ansible. It means a lot to us that you've taken time to contribute. Unfortunately, this issue has been open for some time while waiting for a contributor to take it up but there does not seem to have been anyone that did so. So we are going to close this issue to clear up the queues and make it easier for contributors to browse possible implementation targets. However, we're absolutely always up for discussion. Because this project is very active, we're unlikely to see comments made on closed tickets and we lock them after some time. If you or anyone else has any further questions, please let us know by using any of the communication methods listed in the page below: In the future, sometimes starting a discussion on the development list prior to proposing or implementing a feature can make getting things included a little easier, but it's not always necessary. Thank you once again for this and your interest in Ansible! |
ISSUE TYPE
COMPONENT NAME
iptables
ANSIBLE VERSION
CONFIGURATION
none
OS / ENVIRONMENT
Ubuntu 16.04
SUMMARY
Using the
iptables
module with thematch
parameter will put the match entry in single quotes which will result in fails when using it with tools like ipset.STEPS TO REPRODUCE
EXPECTED RESULTS
It should be invoked like:
ACTUAL RESULTS
It fails because Ansible invokes it in a manner which results in fails:
Output
The text was updated successfully, but these errors were encountered: