GNU bug report logs - #32465: Add iptables service
Hi Arun,
Arun Isaac <arunisaac <at> systemreboot.net> wrote:
> I generalized this service to work for both iptables and ip6tables. I
> added system tests, and made the other corrections that were
> suggested. Some questions follow.
>
> - Is the example I added for the iptables.rules sufficient? I couldn't
> find upstream documentation for the iptables.rules format. I suspect
> it doesn't exist. Do you know of any upstream documentation that can
> be referred to here?
From a quick search it must be <https://netfilter.org/documentation/>,
specifically <https://netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html>.
> - In the attached patch, the fourth test ("inetd echo service is
> accessible after iptables firewall is stopped") doesn't work. In that
> service, I am trying to stop the iptables service, but I'm not able
> to. How do I programmatically stop the iptables service? Is what I
> have done correct?
[...]
> + (shepherd-service
> + (documentation "Packet filtering framework")
> + (provision '(iptables))
> + (start #~(lambda _
> + (invoke #$iptables-restore #$ipv4-rules)
> + (invoke #$ip6tables-restore #$ipv6-rules)))
> + (stop #~(lambda _
> + (invoke #$iptables-restore #$%iptables-accept-all-rules)
> + (invoke #$ip6tables-restore #$%iptables-accept-all-rules))))))))
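Review bot: the stop procedure loads %iptables-accept-all-rules through both iptables-restore and ip6tables-restore, so stopping the service leaves the host accepting all IPv4 and IPv6 traffic, and the documentation string "Packet filtering framework" says nothing about that; state the fail-open behaviour of stop in the service documentation so that operators do not assume a stopped firewall still filters. In start, the IPv4 rules are loaded before the IPv6 rules with no rollback, so a failure in the ip6tables-restore invoke leaves the new IPv4 ruleset applied while the IPv6 ruleset is unchanged; consider handling that failure so both families end up in a known state.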
There’s a peculiarity of ‘stop’ which is that it must return #f on
success. So here, you just need to add a trailing #f after the second
‘invoke’ call. If you do that, I suppose the test that stops the
firewall will pass.
And if it does, I think you can go ahead and push! :-)
Thank you,
Ludo’.
This bug report was last modified 6 years and 301 days ago.