]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commit
Code Review / puppet-modules / puppetlabs-firewall.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d5746c9) | patch
allow ip6tables to be disabled
authorAron Parsons <aron@knackworks.com>
Fri, 7 Apr 2017 01:38:50 +0000 (21:38 -0400)
committerAron Parsons <aron@knackworks.com>
Thu, 13 Apr 2017 22:20:22 +0000 (18:20 -0400)
commit24ca3df9eee50a6150c2f5a854bb2c7545979646
treef7d37ea6a6d6a1ec3fb83cd6f47218b387b3576ftree | snapshot
parentd5746c9de0d0b11691bdcd1d62f6cb95de0dda06commit | diff
allow ip6tables to be disabled

many hardened systems have IPv6 disabled, which
does not allow ip6tables to be running.  allow
ip6tables to be selectively disabled in these cases.

errors when IPv6 is disabled:

Error: Could not start Service[ip6tables]: Execution of '/usr/bin/systemctl start ip6tables' returned 1: Job for ip6tables.service failed because the control process exited with error code. See "systemctl status ip6tables.service" and "journalctl -xe" for details.
Error: /Stage[main]/Firewall::Linux::Redhat/Service[ip6tables]/ensure: change from stopped to running failed: Could not start Service[ip6tables]: Execution of '/usr/bin/systemctl start ip6tables' returned 1: Job for ip6tables.service failed because the control process exited with error code. See "systemctl status ip6tables.service" and "journalctl -xe" for details.

● ip6tables.service - IPv6 firewall with ip6tables
   Loaded: loaded (/usr/lib/systemd/system/ip6tables.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2017-04-07 01:36:45 UTC; 25min ago
  Process: 10257 ExecStart=/usr/libexec/iptables/ip6tables.init start (code=exited, status=1/FAILURE)
 Main PID: 10257 (code=exited, status=1/FAILURE)

Apr 07 01:36:45 el7-1.example.com systemd[1]: Starting IPv6 firewall with ip6tables...
Apr 07 01:36:45 el7-1.example.com ip6tables.init[10257]: ip6tables: Applying firewall rules: ip6tab...r'
Apr 07 01:36:45 el7-1.example.com ip6tables.init[10257]: Error occurred at line: 4
Apr 07 01:36:45 el7-1.example.com ip6tables.init[10257]: Try `ip6tables-restore -h' or 'ip6tables-r...n.
Apr 07 01:36:45 el7-1.example.com ip6tables.init[10257]: [FAILED]
Apr 07 01:36:45 el7-1.example.com systemd[1]: ip6tables.service: main process exited, code=exited,...URE
Apr 07 01:36:45 el7-1.example.com systemd[1]: Failed to start IPv6 firewall with ip6tables.
Apr 07 01:36:45 el7-1.example.com systemd[1]: Unit ip6tables.service entered failed state.
Apr 07 01:36:45 el7-1.example.com systemd[1]: ip6tables.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
.fixtures.yml diff | blob | history
manifests/init.pp diff | blob | history
manifests/linux.pp diff | blob | history
manifests/linux/redhat.pp diff | blob | history
metadata.json diff | blob | history
spec/spec_helper_acceptance.rb diff | blob | history
spec/unit/classes/firewall_linux_redhat_spec.rb diff | blob | history