[Devel] [PATCH] scripts: add "-w" to iptables command
Kirill Tkhai
ktkhai at virtuozzo.com
Thu Sep 28 13:59:20 MSK 2017
The oldest version from VZ7, I suppose. I don't know which it is.
On 28.09.2017 13:58, Stanislav Kinsburskiy wrote:
> How old should it be?
> I checked with v1.4.21
>
> 28.09.2017 12:55, Kirill Tkhai wrote:
>> Could you please say whether it will work on old iptables?
>>
>> On 28.09.2017 13:03, Stanislav Kinsburskiy wrote:
>>> What a brilliant idea it was to ignore unknown keys.
>>> Should take it into account.
>>>
>>> 28.09.2017 10:26, Vasily Averin wrote:
>>>> kthai@ explained that the old version of iptables ignores unknown keys, so adding -w is safe.
>>>>
>>>> On 2017-09-28 10:40, Pavel Tikhomirov wrote:
>>>>> Can we have this script running with an older iptables version which does not have "-w"?
>>>>>
>>>>> On 09/27/2017 02:11 PM, Stanislav Kinsburskiy wrote:
>>>>>> Needed to support new versions of iptables.
>>>>>>
>>>>>> https://jira.sw.ru/browse/PSBM-73153
>>>>>>
>>>>>> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
>>>>>> ---
>>>>>> scripts/nfs-ports-allow.sh | 16 ++++++++--------
>>>>>> 1 file changed, 8 insertions(+), 8 deletions(-)
>>>>>>
>>>>>> diff --git a/scripts/nfs-ports-allow.sh b/scripts/nfs-ports-allow.sh
>>>>>> index 97541dc..ac5cf5f 100644
>>>>>> --- a/scripts/nfs-ports-allow.sh
>>>>>> +++ b/scripts/nfs-ports-allow.sh
>>>>>> @@ -36,10 +36,10 @@ function add_accept_rules {
>>>>>> local server=$1
>>>>>> local port=$2
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>>>>>> }
>>>>>> function iptables_allow_nfs_ports {
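Review bot: The `-w` flag in add_accept_rules is hardcoded on all four ${IPTABLES} calls, while the thread only confirms the option on v1.4.21 and leaves the oldest VZ7 version unchecked. Consider probing for support once at script start and carrying the result in a variable (a hypothetical ${IPTABLES_WAIT}, empty when the option is unsupported), so each rule line reads `${JOIN_CT} ${IPTABLES} ${IPTABLES_WAIT} -I ...`. Note too that a bare -w waits for the xtables lock with no time limit, so a stuck lock holder would stall this script rather than fail the && chain.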
>>>>>> @@ -63,10 +63,10 @@ function allow_portmapper_port {
>>>>>> local server=$1
>>>>>> local port=111
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>>>>>> }
>>>>>> for s in $servers; do
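Review bot: allow_portmapper_port now repeats the same four `-w -I` lines as add_accept_rules with only port=111 fixed, so any later change to the lock flag has to be made in two places. Since the function already has local server=$1 and port=111, its body could be reduced to `add_accept_rules $server $port`; the udp/tcp ordering differs between the two functions, but all four rules are independent ACCEPT inserts, so the resulting rule set is the same.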
>>>>>>
>>>>>> _______________________________________________
>>>>>> Devel mailing list
>>>>>> Devel at openvz.org
>>>>>> https://lists.openvz.org/mailman/listinfo/devel
>>>>>>
>>>>>