This repository was archived by the owner on Jun 11, 2019. It is now read-only.
Ubuntu 13.10 - Service[iptables]: Execution of 'iptables-restore < /etc/iptables/rules.v4' returned 1: #51
Open
Hello,
I've just installed this package with the following config:
class { 'iptables':
  enable_v6 => false,
  version   => 'present' # 'present' is mandatory, else it tries to replace my Ubuntu version with a non-existent package
}
iptables::rule { 'smtp':
  port => 25
}
iptables::rule { 'smtp_secure':
  port => 587
}
iptables::rule { 'imap':
  port => 143
}
But when I apply this config, I have:
Debug: Executing 'iptables-restore < /etc/iptables/rules.v4'
Error: /Stage[main]/Iptables/Service[iptables]: Failed to call refresh: Could not restart Service[iptables]: Execution of 'iptables-restore < /etc/iptables/rules.v4' returned 1:
Error: /Stage[main]/Iptables/Service[iptables]: Could not restart Service[iptables]: Execution of 'iptables-restore < /etc/iptables/rules.v4' returned 1:
Debug: Iptables::Concat_emitter[v4]: The container Class[Iptables] will propagate my refresh event
Debug: Class[Iptables]: The container Stage[main] will propagate my refresh event
The generated file is:
# File Managed by Puppet
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 25 -s 0/0 -d 0/0 -j ACCEPT
-A INPUT -p tcp --dport 587 -s 0/0 -d 0/0 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m pkttype --pkt-type broadcast -j ACCEPT
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -j LOG --log-level 4 --log-prefix "INPUT DROP: "
-A INPUT -j DROP
-A OUTPUT -j ACCEPT
-A OUTPUT -j LOG --log-level 4 --log-prefix "OUTPUT DROP: "
-A OUTPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j LOG --log-level 4 --log-prefix "FORWARD DROP: "
-A FORWARD -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
And if I do a manual save, I have something restorable which looks like:
# Generated by iptables-save v1.4.18 on Sat Apr 19 02:23:26 2014
*nat
:PREROUTING ACCEPT [12:1300]
:POSTROUTING ACCEPT [5:337]
:OUTPUT ACCEPT [5:337]
COMMIT
# Completed on Sat Apr 19 02:23:26 2014
# Generated by iptables-save v1.4.18 on Sat Apr 19 02:23:26 2014
*mangle
:PREROUTING ACCEPT [145:11453]
:INPUT ACCEPT [145:11453]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [123:19035]
:POSTROUTING ACCEPT [123:19035]
COMMIT
# Completed on Sat Apr 19 02:23:26 2014
# Generated by iptables-save v1.4.18 on Sat Apr 19 02:23:26 2014
*filter
:INPUT ACCEPT [145:11453]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [123:19035]
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
COMMIT
# Completed on Sat Apr 19 02:23:26 2014
Can you help, please?
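One way to narrow down which table makes `iptables-restore` return 1, as an added example that is not part of the original report or of the module's code: it splits a rules file in iptables-save format into its tables and parses each one with `iptables-restore --test`, which does not commit anything. The function names and the abbreviated sample are constructed for illustration; running the real check needs root.

```python
import subprocess

# Constructed sample, abbreviated from the generated file quoted in the report.
SAMPLE = """# File Managed by Puppet
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 25 -s 0/0 -d 0/0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def split_tables(text):
    """Split iptables-save format text into {table: block ending in COMMIT}."""
    tables, name, buf = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            if name is not None:
                raise ValueError(f"table {name!r} has no COMMIT line")
            name, buf = line[1:], [line]
        elif name is not None:
            buf.append(line)
            if line == "COMMIT":
                tables[name] = "\n".join(buf) + "\n"
                name = None
    if name is not None:
        raise ValueError(f"table {name!r} has no COMMIT line")
    return tables

def restore_test(block):
    """Parse one table with `iptables-restore --test`; nothing is committed. Needs root."""
    proc = subprocess.run(["iptables-restore", "--test"], input=block,
                          capture_output=True, text=True)
    return proc.returncode, proc.stderr.strip()

def failing_tables(text, check=restore_test):
    """Return {table: stderr} for every table the checker rejects."""
    failed = {}
    for name, block in split_tables(text).items():
        rc, err = check(block)
        if rc != 0:
            failed[name] = err
    return failed

if __name__ == "__main__":
    with open("/etc/iptables/rules.v4") as fh:  # path taken from the report
        for table, err in failing_tables(fh.read()).items():
            print(f"{table}: {err or 'non-zero exit status, no message'}")
```

Because `--test` only parses and builds the ruleset, an error that appears only when the ruleset is committed will not show up in this check.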