[Devel] [PATCH] scripts: add "-w" to iptables command

Stanislav Kinsburskiy skinsbursky at virtuozzo.com
Thu Sep 28 13:58:15 MSK 2017


How old should it be?
I checked with v1.4.21

28.09.2017 12:55, Kirill Tkhai wrote:
> Could you please say whether it will work on old iptables?
> 
> On 28.09.2017 13:03, Stanislav Kinsburskiy wrote:
>> What a brilliant idea it was to ignore unknown keys.
>> Should take it into account.
>>
>> 28.09.2017 10:26, Vasily Averin wrote:
>>> kthai@ explained that old versions of iptables ignore unknown keys, so adding -w is safe.
>>>
>>> On 2017-09-28 10:40, Pavel Tikhomirov wrote:
>>>> Can we have these scripts running with an older iptables version which does not have "-w"?
>>>>
>>>> On 09/27/2017 02:11 PM, Stanislav Kinsburskiy wrote:
>>>>> Needed to support new versions of iptables.
>>>>>
>>>>> https://jira.sw.ru/browse/PSBM-73153
>>>>>
>>>>> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
>>>>> ---
>>>>>   scripts/nfs-ports-allow.sh |   16 ++++++++--------
>>>>>   1 file changed, 8 insertions(+), 8 deletions(-)
>>>>>
>>>>> diff --git a/scripts/nfs-ports-allow.sh b/scripts/nfs-ports-allow.sh
>>>>> index 97541dc..ac5cf5f 100644
>>>>> --- a/scripts/nfs-ports-allow.sh
>>>>> +++ b/scripts/nfs-ports-allow.sh
>>>>> @@ -36,10 +36,10 @@ function add_accept_rules {
>>>>>       local server=$1
>>>>>       local port=$2
>>>>>   -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>>>>>   }
>>>>>     function iptables_allow_nfs_ports {
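Review bot: in add_accept_rules, "-w" is typed literally into all four ${IPTABLES} invocations and nothing in the script checks that the installed iptables accepts it, which is exactly the compatibility question raised in this thread. Setting the flag in one place (for example appending it to ${IPTABLES}, or a separate variable assigned once after probing the binary) would keep the decision out of the individual rule lines and cover both functions touched by this patch. The commit message should also say what "-w" is for (waiting on the xtables lock) rather than only "support new versions of iptables".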
>>>>> @@ -63,10 +63,10 @@ function allow_portmapper_port {
>>>>>       local server=$1
>>>>>       local port=111
>>>>>   -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>>>>>   }
>>>>>     for s in $servers; do
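Review bot: in allow_portmapper_port, "-w" is passed without a timeout value, so each of the four calls waits for the xtables lock with no upper bound, and the "&&" chain means a stalled first call holds up the rest. If this script runs on a path that must not hang, a bounded wait (on iptables versions that accept a seconds argument) would be safer, and a one-line comment above the block should state that the wait is intentional. While these lines are being touched, $server is also expanded unquoted in every rule; quoting it would be a cheap hardening.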
>>>>>
>>>>> _______________________________________________
>>>>> Devel mailing list
>>>>> Devel at openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/devel
>>>>>
>>>>

