Can the iptables and ip6tables be enable/disable separately?
barrowkwan opened this issue · comments
in default.rb and disabled.rb
%w(iptables ip6tables).each do |ipt|
this mean we have to either enable or disable both but not like just iptables.
This is the error that I am getting..
[10.2.0.41] Running handlers complete
[10.2.0.41] [2020-10-15T23:33:20+00:00] ERROR: Exception handlers complete
[10.2.0.41] Chef Infra Client failed. 198 resources updated in 17 minutes 28 seconds
[10.2.0.41] [2020-10-15T23:33:20+00:00] INFO: Sending resource update report (run-id: 102eea5a-b2a3-4769-bf6c-462112213a6d)
[10.2.0.41] [2020-10-15T23:33:21+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2020-10-15T23:33:21+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[10.2.0.41] [2020-10-15T23:33:21+00:00] FATAL: Mixlib::ShellOut::CommandTimeout: service[ip6tables] (iptables::default line 62) had an error: Mixlib::ShellOut::CommandTimeout: Command timed out after 900s:
Command exceeded allowed execution time, process terminated
---- Begin output of ["/bin/systemctl", "--system", "start", "ip6tables"] ----
STDOUT:
STDERR:
---- End output of ["/bin/systemctl", "--system", "start", "ip6tables"] ----
Ran ["/bin/systemctl", "--system", "start", "ip6tables"] returned
ERROR: The following error occurred on 10.2.0.41:
ERROR: warning: /tmp/install.sh.2078/chef-16.1.16-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
/var/chef/cache/cookbooks/poise/files/halite_gem/poise/helpers/option_collector.rb:83: warning: Using the last argument as keyword parameters is deprecated; maybe ** should be added to the call
/var/chef/cache/cookbooks/poise/files/halite_gem/poise/helpers/option_collector.rb:98: warning: The called method `option_collector_attribute' is defined here
Hey, please look into moving to the resources, which should allow you to select each individually: https://github.com/chef-cookbooks/iptables/blob/master/documentation/iptables_service.md