chef-cookbooks / iptables

Development repository for Chef Cookbook iptables

Home Page:https://supermarket.chef.io/cookbooks/iptables

Documentation: Attribute-based rules pull in invalid attributes

jqassar opened this issue

Cookbook version: 4.3.0

Chef-client version: 12.12.x

Platform Details: CentOS/RHEL 6

Scenario:

When using the example for building and iterating over attributes to generate iptables rules, the documentation suggests using ['iptables']['blah'] to generate the rules, then iterating over them. The mechanism works, but the suggested namespace already has ['iptables']['iptables_sysconfig'], ['iptables']['ip6tables_sysconfig'], and ['iptables']['system_ruby'] in it from the attributes file. This generates invalid iptables rules and breaks the script.

Steps to Reproduce:

Use the attribute-based mechanism to generate one rule, as per the documentation:
node.default['iptables']['port_80'] =

Expected Result:

A file gets dropped in /etc/iptables.d/port_80 with the rule and iptables rebuilds.

Actual Result:

A file gets dropped in /etc/iptables.d/port_80 with the rule, as does:

  • /etc/iptables.d/iptables_config
  • /etc/iptables.d/ip6tables_config
  • /etc/iptables.d/system_ruby

rebuild-iptables breaks when trying to parse the first file.
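To make the collision described in this report concrete, here is an added Ruby model of the attribute-driven rule generation (it is not the reporter's code, not the cookbook's recipe, and does not call the Chef API). It stands in node['iptables'] with a plain Hash whose keys are the three attribute names the report lists plus one user rule, shows that a naive iteration turns every key into a file under /etc/iptables.d, and then applies the check a practitioner would want: skip the cookbook's own settings and only emit values that parse as iptables rule text. The rule string, the chain name FWR, and the sysconfig values are constructed sample data.

```ruby
# Added example, not part of the issue or the iptables cookbook. Models the
# attribute-based rule mechanism with plain Hashes so it runs without Chef.

# Attribute names the cookbook's own attributes file puts under node['iptables']
# (taken from the report). They are settings, not firewall rules.
RESERVED_KEYS = %w[iptables_sysconfig ip6tables_sysconfig system_ruby].freeze

# Constructed stand-in for node['iptables']: one user-defined rule plus the
# cookbook's configuration entries that share the namespace.
SAMPLE_NODE_IPTABLES = {
  'iptables_sysconfig'  => { 'IPTABLES_SAVE_ON_STOP' => 'no' },
  'ip6tables_sysconfig' => { 'IP6TABLES_SAVE_ON_STOP' => 'no' },
  'system_ruby'         => '/usr/bin/ruby',
  'port_80'             => '-A FWR -p tcp -m tcp --dport 80 -j ACCEPT'
}.freeze

# A line is accepted only if it looks like an iptables command fragment:
# -A/-I/-D, a chain name, then arbitrary arguments. Anything else (a path,
# a dumped Hash, an empty string) is rejected before it reaches rebuild-iptables.
RULE_LINE = /\A-[AID]\s+[A-Za-z0-9_-]+(\s+\S+)*\z/

def valid_rule_line?(line)
  !!(line =~ RULE_LINE)
end

# Multi-line rule values are allowed; every non-blank line must be a rule.
def valid_rule_text?(text)
  return false unless text.is_a?(String)
  lines = text.lines.map(&:chomp).reject(&:empty?)
  !lines.empty? && lines.all? { |l| valid_rule_line?(l) }
end

# The behaviour the report describes: iterate the whole namespace and map
# every key to a file. Returns { path => file body }.
def naive_rule_files(attrs, dir = '/etc/iptables.d')
  attrs.each_with_object({}) do |(name, value), files|
    files["#{dir}/#{name}"] = value.to_s
  end
end

# Paths whose body would not parse as rules; these are what break the rebuild.
def invalid_rule_files(files)
  files.reject { |_path, body| valid_rule_text?(body) }.keys
end

# Hardened iteration: drop the cookbook's reserved keys and anything that is
# not rule text, so only genuine rules become files.
def rule_entries(attrs)
  attrs.reject do |name, value|
    RESERVED_KEYS.include?(name) || !valid_rule_text?(value)
  end
end

def rule_files(attrs, dir = '/etc/iptables.d')
  rule_entries(attrs).each_with_object({}) do |(name, rule), files|
    files["#{dir}/#{name}"] = rule
  end
end

if __FILE__ == $PROGRAM_NAME
  naive = naive_rule_files(SAMPLE_NODE_IPTABLES)
  puts "naive iteration would write: #{naive.keys.join(', ')}"
  puts "files that are not rules:   #{invalid_rule_files(naive).join(', ')}"
  puts "filtered iteration writes:  #{rule_files(SAMPLE_NODE_IPTABLES).keys.join(', ')}"
end
```

The validation step matters more than the skip-list: a skip-list only knows about today's reserved keys, whereas rejecting any value that does not parse as rule text also catches attributes a later cookbook version adds to the same namespace. Keeping user rules under a dedicated sub-key (for example node['iptables']['rules'], an assumption here rather than the cookbook's documented layout) avoids the collision entirely.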