Flush rules for INPUT chain only (for compatibility with docker) #106
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Do not clear all chains (if 'firewall_flush_rules_and_chains' is 'false') to leave DOCKER chains without changes. Instead, the ability to clear only INPUT chains has been added, as well as the ability to specify which tables to clean (nat, mangle, filter). New variables: - firewall_flush_rules_input_nat - firewall_flush_rules_input_mangle - firewall_flush_rules_input_filter
This task is not necessary because when the firewall service starts, the filter table will be cleared (iptables -F or iptables -t filter -F INPUT).
|
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark issues as stale. |
|
This works pretty well! 👍 |
|
@etoosamoe Do you think this PR is ready for a merge? |
Definitely. It does exactly what it supposed to do - add controls if we want to flush some another chains. |
|
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark issues as stale. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request refactors the firewall playbook to introduce the ability to flush only the INPUT chains, while leaving other chains (such as DOCKER chains) untouched. This change is made to ensure compatibility with Docker configurations.
The following changes have been made:
firewall_flush_rules_input_nat: Indicates whether to flush the INPUT chain in the 'nat' table.firewall_flush_rules_input_mangle: Indicates whether to flush the INPUT chain in the 'mangle' table.firewall_flush_rules_input_filter: Indicates whether to flush the INPUT chain in the 'filter' table.These changes ensure compatibility with Docker configurations and provide more flexibility in managing firewall rules.