[Devel] [PATCH] scripts: add "-w" to iptables command

Vasily Averin vvs at virtuozzo.com
Thu Sep 28 11:26:31 MSK 2017 

kthai@ explained that old version of iptables ignores unknown keys, so adding -w is safe.

On 2017-09-28 10:40, Pavel Tikhomirov wrote:
> Can we have these script running with older iptables version which does not have "-w"?
> 
> On 09/27/2017 02:11 PM, Stanislav Kinsburskiy wrote:
>> Neede to support new versions of iptables.
>>
>> https://jira.sw.ru/browse/PSBM-73153
>>
>> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
>> ---
>>   scripts/nfs-ports-allow.sh |   16 ++++++++--------
>>   1 file changed, 8 insertions(+), 8 deletions(-)
>>
>> diff --git a/scripts/nfs-ports-allow.sh b/scripts/nfs-ports-allow.sh
>> index 97541dc..ac5cf5f 100644
>> --- a/scripts/nfs-ports-allow.sh
>> +++ b/scripts/nfs-ports-allow.sh
>> @@ -36,10 +36,10 @@ function add_accept_rules {
>>       local server=$1
>>       local port=$2
>>   -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>>   }
>>     function iptables_allow_nfs_ports {
>> @@ -63,10 +63,10 @@ function allow_portmapper_port {
>>       local server=$1
>>       local port=111
>>   -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>>   }
>>     for s in $servers; do
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openvz.org
>> https://lists.openvz.org/mailman/listinfo/devel
>>
>

More information about the Devel mailing list