1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

fix a regression in initialization_from_null_state() (iptables-nft > 1.8.2) (#2604) (#2645)

(cherry picked from commit 909e9fe950)

Co-authored-by: quidame <quidame@poivron.org>
This commit is contained in:
patchback[bot] 2021-05-27 07:16:34 +00:00 committed by GitHub
parent 2e20e9bb8f
commit 2ee7de681a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -304,7 +304,7 @@ def write_state(b_path, lines, changed):
return changed
def initialize_from_null_state(initializer, initcommand, table):
def initialize_from_null_state(initializer, initcommand, fallbackcmd, table):
'''
This ensures iptables-state output is suitable for iptables-restore to roll
back to it, i.e. iptables-save output is not empty. This also works for the
@ -315,8 +315,14 @@ def initialize_from_null_state(initializer, initcommand, table):
commandline = list(initializer)
commandline += ['-t', table]
(rc, out, err) = module.run_command(commandline, check_rc=True)
dummy = module.run_command(commandline, check_rc=True)
(rc, out, err) = module.run_command(initcommand, check_rc=True)
if '*%s' % table not in out.splitlines():
# The last resort.
iptables_input = '*%s\n:OUTPUT ACCEPT\nCOMMIT\n' % table
dummy = module.run_command(fallbackcmd, data=iptables_input, check_rc=True)
(rc, out, err) = module.run_command(initcommand, check_rc=True)
return rc, out, err
@ -401,6 +407,7 @@ def main():
INITCOMMAND = [bin_iptables_save]
INITIALIZER = [bin_iptables, '-L', '-n']
TESTCOMMAND = [bin_iptables_restore, '--test']
FALLBACKCMD = [bin_iptables_restore]
if counters:
COMMANDARGS.append('--counters')
@ -425,6 +432,7 @@ def main():
INITIALIZER.extend(['--modprobe', modprobe])
INITCOMMAND.extend(['--modprobe', modprobe])
TESTCOMMAND.extend(['--modprobe', modprobe])
FALLBACKCMD.extend(['--modprobe', modprobe])
SAVECOMMAND = list(COMMANDARGS)
SAVECOMMAND.insert(0, bin_iptables_save)
@ -458,15 +466,15 @@ def main():
for t in TABLES:
if '*%s' % t in state_to_restore:
if len(stdout) == 0 or '*%s' % t not in stdout.splitlines():
(rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, t)
(rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, FALLBACKCMD, t)
elif len(stdout) == 0:
(rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, 'filter')
(rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, FALLBACKCMD, 'filter')
elif state == 'restored' and '*%s' % table not in state_to_restore:
module.fail_json(msg="Table %s to restore not defined in %s" % (table, path))
elif len(stdout) == 0 or '*%s' % table not in stdout.splitlines():
(rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, table)
(rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, FALLBACKCMD, table)
initial_state = filter_and_format_state(stdout)
if initial_state is None: