Flush rules for INPUT chain only (for compatibility with docker) #106
Do not clear all chains (if 'firewall_flush_rules_and_chains' is 'false') to leave DOCKER chains without changes. Instead, the ability to clear only INPUT chains has been added, as well as the ability to specify which tables to clean (nat, mangle, filter).
New variables:
- firewall_flush_rules_input_nat
- firewall_flush_rules_input_mangle
- firewall_flush_rules_input_filter
This task is not necessary because when the firewall service starts, the filter table will be cleared (iptables -F or iptables -t filter -F INPUT).
This PR has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark issues as stale.
This works pretty well! 👍
@etoosamoe Do you think this PR is ready for a merge?
Definitely. It does exactly what it is supposed to do - add controls if we want to flush some other chains.
This pull request refactors the firewall playbook to introduce the ability to flush only the INPUT chains, while leaving other chains (such as DOCKER chains) untouched. This change is made to ensure compatibility with Docker configurations.
The following changes have been made:
- firewall_flush_rules_input_nat: Indicates whether to flush the INPUT chain in the 'nat' table.
- firewall_flush_rules_input_mangle: Indicates whether to flush the INPUT chain in the 'mangle' table.
- firewall_flush_rules_input_filter: Indicates whether to flush the INPUT chain in the 'filter' table.
These changes ensure compatibility with Docker configurations and provide more flexibility in managing firewall rules.
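An added example (not part of this PR or the role's code) that previews, on saved `iptables-save` text, which non-INPUT chains a flush would empty, so the effect on DOCKER chains can be checked before a run. The ruleset is constructed, `simulate_flush` and `emptied_chains` are hypothetical helper names, and the table list passed to `simulate_flush` stands in for the three new variables.

```shell
# Constructed sample of `iptables-save` output on a host running Docker.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Simulate a flush on iptables-save text read from stdin; nothing on the host changes.
# $1: "all" = every chain in every table, "input" = INPUT chain only.
# $2: for "input", the tables to flush (space separated), as the three new variables select.
simulate_flush() {
    awk -v mode="$1" -v tables=" $2 " '
        /^\*/ { table = substr($0, 2) }
        /^-A/ && mode == "all" { next }
        /^-A INPUT / && mode == "input" && index(tables, " " table " ") { next }
        { print }'
}

# Print "table/chain" for each non-INPUT chain that has rules in $1 (before) but none in $2 (after).
emptied_chains() {
    awk '
        { pass = (FILENAME == ARGV[1]) ? 1 : 2 }
        /^\*/ { table = substr($0, 2); next }
        /^-A/ { key = table "/" $2; n[pass, key]++; if (pass == 1) seen[key] = 1 }
        END { for (k in seen) if (k !~ /\/INPUT$/ && n[2, k] + 0 == 0) print k }
    ' "$1" "$2" | LC_ALL=C sort
}
```

On a real host, feed `emptied_chains` two `iptables-save` snapshots taken before and after the role runs; any DOCKER chain it prints lost its rules.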