Support for extra chains #1
Comments
System on which I'm testing is running EL5.6 + all updates on 32bits with puppet from epel
Just in case, my iptables-save output: Generated by iptables-save v1.3.5 on Wed Jul 6 15:39:19 2011*filter Completed on Wed Jul 6 15:39:19 2011
So I've allowed almost any string for the chain and jump parameters now. This at least is a step in the correct direction.
Will try to retest on Monday :-)
It seems to work, gonna start opening more tickets for other things :-)
Hi
RH-based distros use a chain created by system-config-firewall named "RH-Firewall-1-INPUT" which is the first target for INPUT and FORWARD chains.
"RH-Firewall-1-INPUT" ends 'rejecting anything not approved previously' thus returning to INPUT or FORWARD chains.
This allows using RH-Firewall-1-INPUT for system default firewalls, and using INPUT to put temporary changes to firewall rules.
puppetlabs-firewall 'firewall' doesn't accept RH-Firewall-1-INPUT as a valid chain (INPUT, FORWARD, OUTPUT, PREROUTING, POSTROUTING).
Allowing the definition of custom chains could help in writing different rules.
Regards
Pablo
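
The chain layout described in this issue, as an added example that is not part of the original post and is not puppetlabs-firewall code: a Ruby sketch that reads iptables-save text, tells built-in chains from user-defined ones such as RH-Firewall-1-INPUT, and lists which chains jump into a given chain. The helper names (`parse_save`, `chain_kind`, `jumps_into`) are hypothetical and the sample ruleset is constructed.

```ruby
# Constructed sample in iptables-save format; not the output posted in the thread.
SAMPLE_SAVE = <<~SAVE
  # Generated by iptables-save (constructed sample)
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  :RH-Firewall-1-INPUT - [0:0]
  -A INPUT -j RH-Firewall-1-INPUT
  -A FORWARD -j RH-Firewall-1-INPUT
  -A RH-Firewall-1-INPUT -i lo -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
  COMMIT
SAVE

# Parse iptables-save text into { table => { chain => { policy:, rules: [] } } }.
def parse_save(text)
  tables, current = {}, nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if line.start_with?('*')
      current = tables[line[1..-1]] = {}
    elsif line == 'COMMIT'
      current = nil
    elsif current && (m = line.match(/\A:(\S+)\s+(\S+)/))
      current[m[1]] = { policy: m[2], rules: [] }
    elsif current && (m = line.match(/\A-A\s+(\S+)\s+(.+)\z/))
      raise ArgumentError, "rule for undeclared chain #{m[1]}" unless current.key?(m[1])
      current[m[1]][:rules] << m[2]
    end
  end
  tables
end

# Built-in chains carry a policy (ACCEPT/DROP); user-defined chains show "-".
def chain_kind(tables, table, chain)
  info = tables.dig(table, chain)
  return :missing unless info
  info[:policy] == '-' ? :user_defined : :builtin
end

# Names of chains in the table that contain a rule jumping to `target`.
def jumps_into(tables, table, target)
  tables.fetch(table, {}).select { |_, c|
    c[:rules].any? { |r| r.split.each_cons(2).include?(['-j', target]) }
  }.keys
end
```

A rule whose chain resolves to `:missing` refers to a chain the running ruleset does not declare, which is the case worth flagging before a rule is applied.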