iptables policy state never changed #29379

Closed
ansibot opened this Issue Sep 11, 2017 · 4 comments

ansibot commented Sep 11, 2017

From @cranebytes on 2016-10-13T12:23:58Z

ISSUE TYPE
  • Bug Report

COMPONENT NAME

iptables

ANSIBLE VERSION

ansible --version
ansible 2.3.0 (devel 6be09ee866) last updated 2016/10/12 15:01:20 (GMT +200)
  lib/ansible/modules/core: (detached HEAD 275fa3f055) last updated 2016/10/12 21:06:11 (GMT +200)
  lib/ansible/modules/extras: (detached HEAD 6c31d91fa5) last updated 2016/10/12 21:06:16 (GMT +200)
  config file = /Users/crane/live/ansible.cfg
  configured module search path = Default w/o overrides

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

The state of the task is never changed even when it changed things.

STEPS TO REPRODUCE

- name: Setting policy drop
  iptables:
    chain: "{{ item[0] }}"
    policy: DROP
    ip_version: "{{ item[1] }}"
  with_nested:
    - ['INPUT', 'OUTPUT', 'FORWARD']
    - ['ipv4', 'ipv6']

EXPECTED RESULTS

I expect the state is changed when the policy is changed

ACTUAL RESULTS

State never changed

TASK [crane.firewall : Setting policy drop] *******************************
task path: /Users/crane/live/roles/crane.firewall/tasks/main.yml:15
Using module file /Users/crane/ansible/lib/ansible/modules/extras/system/iptables.py
<test> ESTABLISH SSH CONNECTION FOR USER: root
<test> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/crane/.ssh/id_ed25519"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/Users/crane/.ansible/cp/ansible-ssh-%h-%p-%r test '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
ok: [test] => (item=[u'INPUT', u'ipv4']) => {
    "chain": "INPUT",
    "changed": false,
    "failed": false,
    "flush": false,
    "invocation": {
        "module_args": {
            "action": "append",
            "chain": "INPUT",
            "comment": null,
            "ctstate": [],
            "destination": null,
            "destination_port": null,
            "flush": false,
            "fragment": null,
            "goto": null,
            "icmp_type": null,
            "in_interface": null,
            "ip_version": "ipv4",
            "jump": null,
            "limit": null,
            "limit_burst": null,
            "match": [],
            "out_interface": null,
            "policy": "DROP",
            "protocol": null,
            "reject_with": null,
            "set_counters": null,
            "set_dscp_mark": null,
            "set_dscp_mark_class": null,
            "source": null,
            "source_port": null,
            "state": "present",
            "table": "filter",
            "to_destination": null,
            "to_ports": null,
            "to_source": null,
            "uid_owner": null
        },
        "module_name": "iptables"
    },
    "ip_version": "ipv4",
    "item": [
        "INPUT",
        "ipv4"
    ],
    "rule": "",
    "state": "present",
    "table": "filter"
}
[...] (Cut off to save space)

Copied from original issue: ansible/ansible-modules-extras#3156
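
An independent check of the effective chain policies, as an added example that is not part of the original issue or of the Ansible module: it parses `iptables -S` / `ip6tables -S` style output captured before and after the task and reports, per chain, whether the policy really changed and whether it matches the wanted DROP. The function names and the sample listings are constructed for illustration.

```python
import re

# `iptables -S` and `ip6tables -S` print one "-P <chain> <policy>" line per
# built-in chain; with -v a "-c <packets> <bytes>" suffix follows.
POLICY_LINE = re.compile(r"^-P\s+(\S+)\s+(\S+)")


def parse_policies(listing):
    """Return {chain: policy} from `iptables -S` style output."""
    policies = {}
    for line in listing.splitlines():
        match = POLICY_LINE.match(line.strip())
        if match:
            policies[match.group(1)] = match.group(2)
    return policies


def audit_policies(before, after, chains=("INPUT", "OUTPUT", "FORWARD"), wanted="DROP"):
    """Compare listings taken before and after the task run.

    changed   -> the policy really differs between the two listings
    compliant -> the policy after the run equals `wanted`; a chain missing
                 from the listing is reported as non-compliant
    """
    old, new = parse_policies(before), parse_policies(after)
    return {
        chain: {
            "before": old.get(chain),
            "after": new.get(chain),
            "changed": old.get(chain) != new.get(chain),
            "compliant": new.get(chain) == wanted,
        }
        for chain in chains
    }


# Constructed sample listings (not taken from the issue).
BEFORE = """-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
"""
AFTER = """-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
"""

if __name__ == "__main__":
    for chain, result in audit_policies(BEFORE, AFTER).items():
        print(chain, result)
```

Run it once per address family, feeding it the `iptables -S` output for ipv4 and the `ip6tables -S` output for ipv6.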


ansibot commented Sep 11, 2017

From @ansibot on 2016-10-13T12:23:58Z

@LinusU ping, this issue is waiting for your response.

ansibot commented Sep 11, 2017

From @craneworks on 2016-10-13T12:23:58Z

I see this also in v2.2.0.0-0.1.rc1.


ansibot commented Sep 11, 2017

From @LinusU on 2016-10-13T12:23:58Z

needs_contributor


sebastiendarocha commented Sep 22, 2017

Didn't reproduce on 2.5.0.0

Fixed by 3691c78

@mscherer could you close this?

@mscherer mscherer closed this Sep 22, 2017

@ansibot ansibot added bug and removed bug_report labels Mar 7, 2018
