Add compatibility with netfilter backend #30

Open
wants to merge 3 commits into
base: master

networkhell

Compatibility with newer distros like CentOS 8 and Debian Buster.

Not waterproof, but if the nft command is available, nft list tables is used instead of /proc/net/ip[6]_tables_names.

On systems using netfilter as backend, the nft command must not be available because it returns an empty list of active tables, just like the /proc/net/ip_tables_names does on systems using nftables.

On systems using netfilter, nftables should not be installed; on systems using the new nftables backend, nftables and the nft command have to be installed.
if table_names:
return table_names.splitlines()
else:
return self.TABLES
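Review bot: The else branch returns self.TABLES whenever table_names is empty, so a lookup that found no tables hands the caller the full self.TABLES list instead of an empty one; if that fallback is intended, add a comment saying why, otherwise return an empty list here. Both branches shown return a list, so any path through this function outside these lines (for example when the lookup itself fails) should also end in an explicit list return rather than falling through to None.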


Suggested change
return []

I think a catch-all return [] might be needed. I saw this error on a fresh Debian 10 system.

Traceback (most recent call last):
  File "/tmp/.ansible-root/tmp/ansible-tmp-1594066148.433582-31501-31867424992637/AnsiballZ_iptables_raw.py", line 102, in <module>
    _ansiballz_main()
  File "/tmp/.ansible-root/tmp/ansible-tmp-1594066148.433582-31501-31867424992637/AnsiballZ_iptables_raw.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/tmp/.ansible-root/tmp/ansible-tmp-1594066148.433582-31501-31867424992637/AnsiballZ_iptables_raw.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible.modules.iptables_raw', init_globals=None, run_name='__main__', alter_sys=True)
  File "/usr/lib/python2.7/runpy.py", line 188, in run_module
    fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 82, in _run_module_code
    mod_name, mod_fname, mod_loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/tmp/ansible_iptables_raw_payload_nhVmBN/ansible_iptables_raw_payload.zip/ansible/modules/iptables_raw.py", line 1125, in <module>
  File "/tmp/ansible_iptables_raw_payload_nhVmBN/ansible_iptables_raw_payload.zip/ansible/modules/iptables_raw.py", line 1017, in main
  File "/tmp/ansible_iptables_raw_payload_nhVmBN/ansible_iptables_raw_payload.zip/ansible/modules/iptables_raw.py", line 311, in __init__
  File "/tmp/ansible_iptables_raw_payload_nhVmBN/ansible_iptables_raw_payload.zip/ansible/modules/iptables_raw.py", line 567, in _refresh_active_rules
  File "/tmp/ansible_iptables_raw_payload_nhVmBN/ansible_iptables_raw_payload.zip/ansible/modules/iptables_raw.py", line 582, in _get_system_active_rules
TypeError: argument of type 'NoneType' is not iterable
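The table lookup discussed in this thread, sketched as an added example that is not code from this pull request or from iptables_raw: it parses `nft list tables` output, falls back to the /proc names when nft lists nothing, and returns a list on every path. All function names and the sample inputs are assumptions made for the illustration.

```python
import subprocess

# Constructed sample inputs (not captured from a real host).
NFT_SAMPLE = "table ip filter\ntable ip nat\ntable ip6 filter\ntable inet firewalld\n"
PROC_SAMPLE = "filter\nmangle\n"
PROC_FILES = {"ip": "/proc/net/ip_tables_names", "ip6": "/proc/net/ip6_tables_names"}


def parse_nft_tables(output, family="ip"):
    """Table names of one family from `nft list tables` text (None is tolerated)."""
    names = []
    for line in (output or "").splitlines():
        fields = line.split()
        # Each line has the shape: table <family> <name>
        if len(fields) == 3 and fields[0] == "table" and fields[1] == family:
            names.append(fields[2])
    return names


def parse_proc_tables(text):
    """Table names from /proc/net/ip[6]_tables_names text, one name per line."""
    return [line.strip() for line in (text or "").splitlines() if line.strip()]


def active_tables(nft_output, proc_text, family="ip"):
    """Prefer nft's answer; if it lists nothing, use the /proc names.
    Every path returns a list, so callers can safely test membership."""
    return parse_nft_tables(nft_output, family) or parse_proc_tables(proc_text)


def collect(family="ip"):
    """Gather both sources on a live host; a missing tool or file counts as empty."""
    try:
        nft_out = subprocess.check_output(
            ["nft", "list", "tables"], stderr=subprocess.DEVNULL).decode()
    except (OSError, subprocess.CalledProcessError):
        nft_out = None
    try:
        with open(PROC_FILES[family]) as fh:
            proc_text = fh.read()
    except OSError:
        proc_text = None
    return active_tables(nft_out, proc_text, family)


if __name__ == "__main__":
    print(active_tables(NFT_SAMPLE, PROC_SAMPLE))
```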
