brooklyn-dev mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-36) IptablesCommands.saveIptablesRules doesn't work as expected
Date Mon, 15 Sep 2014 21:12:33 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-36?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14134488#comment-14134488 ]

ASF GitHub Bot commented on BROOKLYN-36:
----------------------------------------

Github user andreaturli commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/62#discussion_r17569005
  
    --- Diff: utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java ---
    @@ -27,43 +27,56 @@
     
     public class IptablesCommandsTest {
     
    -   private static final String cleanUptptablesRules = "( if test \"$UID\" -eq 0; then
( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi )";
    +    private static final String cleanUptptablesRules = "( if test \"$UID\" -eq 0; then
( /sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi )";
     
    -   public static final String insertIptablesRule = "( if test \"$UID\" -eq 0; then (
/sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
    -         + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306
-j ACCEPT; fi )";
    -   public static final String appendIptablesRule = "( if test \"$UID\" -eq 0; then (
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
    -         + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306
-j ACCEPT; fi )";
    -   public static final String insertIptablesRuleAll = "( if test \"$UID\" -eq 0; then
( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT ); "
    -         + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
    -   public static final String appendIptablesRuleAll = "( if test \"$UID\" -eq 0; then
( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
    -         + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
    -   
    -   @Test
    -   public void testCleanUpIptablesRules() {
    -      Assert.assertEquals(IptablesCommands.cleanUpIptablesRules(), cleanUptptablesRules);
    -   }
    +    public static final String insertIptablesRule = "( if test \"$UID\" -eq 0; then (
/sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
    +            + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306
-j ACCEPT; fi )";
    +    private static final String appendIptablesRule = "( if test \"$UID\" -eq 0; then
( /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
    +            + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306
-j ACCEPT; fi )";
    +    private static final String insertIptablesRuleAll = "( if test \"$UID\" -eq 0; then
( /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT ); "
    +            + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
    +    private static final String appendIptablesRuleAll = "( if test \"$UID\" -eq 0; then
( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
    +            + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
    +    private static final String saveIptablesRules = "( ( if test \"$UID\" -eq 0; then
( service iptables save ); else sudo -E -n -S -- service iptables save; fi ) || " +
    --- End diff --
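Review bot: `insertIptablesRule` stays `public static final` while `appendIptablesRule`, `insertIptablesRuleAll` and `appendIptablesRuleAll` right below it are narrowed to `private static final`; unless another class reads it, make it `private` as well so the expected-string constants are consistent. The reindented `cleanUptptablesRules` keeps what looks like a typo for `cleanUpIptablesRules`, and since the line is being touched anyway it could be renamed here. The visible lines also delete `testCleanUpIptablesRules()` and cut off the new `saveIptablesRules` expectation at `|| " +`, so neither a re-added test nor the fallback after `||` can be checked from this excerpt; worth confirming both are present in the full file.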
    
    `iptables-persistent` saves the current IPv4 and IPv6 firewall rules during the installation. So `saveIptablesRules` needs to invoke `sudo /etc/init.d/iptables-persistent save`, as explained [here](http://askubuntu.com/questions/119393/how-to-save-rules-of-the-iptables), to save rules using `iptables-persistent`.
    
    Notice also that as we enable `DEBIAN_FRONTEND=noninteractive` for apt-get install, the problem described [here](http://askubuntu.com/questions/339790/how-can-i-prevent-apt-get-aptitude-from-showing-dialogs-during-installation) is solved.
    
    I've tested the command in an empirical test on a CentOS 6 server and a Debian 7 server.


> IptablesCommands.saveIptablesRules doesn't work as expected
> -----------------------------------------------------------
>
>                 Key: BROOKLYN-36
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-36
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Andrea Turli
>            Assignee: Andrea Turli
>            Priority: Minor
>             Fix For: 0.7.0-SNAPSHOT
>
>
> This needs to be revisited as the behavior is not as described at http://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently, for example



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
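
The save step discussed in the review comment above, as an added example that is not part of the original message and is not Brooklyn's code: a dry-run helper that picks between the two save commands named on this page and prints it. The function names, the optional root-prefix argument and the `apt-get install -y` form are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Brooklyn code.

# Print a command, prefixed with sudo unless already root. The sudo flags
# mirror the expected strings in the diff above.
as_root() {
    if [ "$(id -u)" -eq 0 ]; then
        printf '%s\n' "$*"
    else
        printf 'sudo -E -n -S -- %s\n' "$*"
    fi
}

# Print the command that persists the live rules for the host rooted at $1
# (hypothetical prefix, default: the real filesystem). Returns 1 if neither
# init script is installed.
save_rules_cmd() {
    root="${1:-}"
    if [ -x "$root/etc/init.d/iptables-persistent" ]; then
        as_root "/etc/init.d/iptables-persistent save"   # Debian/Ubuntu
    elif [ -x "$root/etc/init.d/iptables" ]; then
        as_root "service iptables save"                  # CentOS/RHEL 6
    else
        return 1
    fi
}

# Print the command that installs iptables-persistent without debconf dialogs.
install_persistent_cmd() {
    as_root "env DEBIAN_FRONTEND=noninteractive apt-get install -y iptables-persistent"
}

# Dry run for this host: show what would be executed, run nothing.
save_rules_cmd "" || install_persistent_cmd
```

The Debian check comes first because a host can carry both init scripts, and only the `iptables-persistent` one reloads the saved rules at boot on that family.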
