Large ruleset load fails #8

auxesis opened this Issue · 0 comments



Running ript rules apply sometimes fails to load rules:

$ ript rules generate /etc/firewall/ | wc -c
$ ript rules diff /etc/firewall/ | wc -c
$ ript rules apply /etc/firewall/ | wc -c
$ ript rules diff /etc/firewall/ | wc -c
# ^ should be 0


The offending code is here:

To explain what's going on:

  • L122 is calling ript diff with the same arguments as passed to ript apply which generates the iptables commands to be run to bring the machine to the desired state.
  • L123 outputs the captured output from ript diff to the console, for user feedback.
  • L124 constructs a shell command to execute the captured ript diff output, and executes it.

The problem is the length of the output that is being passed to the command:

# ript rules generate /etc/firewall/ | wc -c

That's a whole lotta characters, and Ruby's system() method doesn't seem to like it at all. If I print the result of the system() method call, I receive a nil.

The Ruby stdlib docs say:

system returns true if the command gives zero exit status, false for non zero exit status. Returns nil if command execution fails. An error status is available in $?.

This seems to be a problem if you're doing a large initial import of rules on a new machine.

@auxesis auxesis was assigned
@auxesis auxesis closed this in 7a24f66
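
An added example, not code from ript or from the commit that closed this issue: a Ruby sketch of the failure mode described above, assuming the nil comes from the operating system's limit on argument size, next to a variant that streams the commands to the shell on stdin and checks the result. The helper names and the constructed `true` commands are hypothetical stand-ins for the captured `ript rules diff` output.

```ruby
require "open3"

# Constructed stand-in for captured `ript rules diff` output: harmless `true`
# commands, one per line, instead of real iptables invocations.
def constructed_commands(count)
  Array.new(count) { |i| "true # constructed rule #{i}\n" }.join
end

# Whole script passed as one argument to the shell. Returns system's raw
# result: true, false, or nil when the command could not be executed at all.
def apply_as_argument(script)
  system("sh", "-c", script)
end

# Hypothetical alternative: stream the script to the shell on stdin, so its
# size is not bounded by the argument-size limit, and fail loudly on error.
def apply_via_stdin(script)
  _out, err, status = Open3.capture3("sh", "-s", stdin_data: script)
  raise "rule load failed (exit #{status.exitstatus}): #{err}" unless status.success?
  true
end

# Wrapper that refuses to treat nil or false as success.
def apply_checked(script)
  result = apply_as_argument(script)
  raise "shell was never executed (system returned nil)" if result.nil?
  raise "shell exited non-zero" unless result
  true
end

if __FILE__ == $PROGRAM_NAME
  small = constructed_commands(3)
  large = constructed_commands(100_000) # about 3 MB, constructed
  p apply_as_argument(small)
  p apply_as_argument(large)
  p apply_via_stdin(large)
end
```

An unchecked nil here means the firewall is left in its previous state while the tool appears to have run, so the return value needs to be treated as a hard failure.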