[Devel] [PATCH] scripts: add "-w" to iptables command

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Fri Sep 29 15:30:54 MSK 2017 

It seem my comment missed the list, sorry...

[root at cat ~]# iptables -w -L || echo ERROR
iptables v1.4.7: option `-w' requires an argument
Try `iptables -h' or 'iptables --help' for more information.
ERROR

on 1.4.7 -w option is not ignored but asks for an argument with error 
for me. Checked on cat.qa.sw.ru

On 09/28/2017 01:59 PM, Kirill Tkhai wrote:
> The oldest version from VZ7, I suppose. I don't know which it is.
> 
> On 28.09.2017 13:58, Stanislav Kinsburskiy wrote:
>> How old should it be?
>> I checked with v1.4.21
>>
>> 28.09.2017 12:55, Kirill Tkhai пишет:
>>> Could you please to say will it work on old iptables?
>>>
>>> On 28.09.2017 13:03, Stanislav Kinsburskiy wrote:
>>>> What a brilliant idea it was to ignore unknown keys.
>>>> Should take it into account.
>>>>
>>>> 28.09.2017 10:26, Vasily Averin пишет:
>>>>> kthai@ explained that old version of iptables ignores unknown keys, so adding -w is safe.
>>>>>
>>>>> On 2017-09-28 10:40, Pavel Tikhomirov wrote:
>>>>>> Can we have these script running with older iptables version which does not have "-w"?
>>>>>>
>>>>>> On 09/27/2017 02:11 PM, Stanislav Kinsburskiy wrote:
>>>>>>> Neede to support new versions of iptables.
>>>>>>>
>>>>>>> https://jira.sw.ru/browse/PSBM-73153
>>>>>>>
>>>>>>> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
>>>>>>> ---
>>>>>>>    scripts/nfs-ports-allow.sh |   16 ++++++++--------
>>>>>>>    1 file changed, 8 insertions(+), 8 deletions(-)
>>>>>>>
>>>>>>> diff --git a/scripts/nfs-ports-allow.sh b/scripts/nfs-ports-allow.sh
>>>>>>> index 97541dc..ac5cf5f 100644
>>>>>>> --- a/scripts/nfs-ports-allow.sh
>>>>>>> +++ b/scripts/nfs-ports-allow.sh
>>>>>>> @@ -36,10 +36,10 @@ function add_accept_rules {
>>>>>>>        local server=$1
>>>>>>>        local port=$2
>>>>>>>    -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>>>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
>>>>>>>    }
>>>>>>>      function iptables_allow_nfs_ports {
>>>>>>> @@ -63,10 +63,10 @@ function allow_portmapper_port {
>>>>>>>        local server=$1
>>>>>>>        local port=111
>>>>>>>    -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>>>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>>> -    ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
>>>>>>> +    ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
>>>>>>>    }
>>>>>>>      for s in $servers; do
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Devel mailing list
>>>>>>> Devel at openvz.org
>>>>>>> https://lists.openvz.org/mailman/listinfo/devel
>>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> Devel mailing list
>>>>> Devel at openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/devel
>>>>>
>>>> _______________________________________________
>>>> Devel mailing list
>>>> Devel at openvz.org
>>>> https://lists.openvz.org/mailman/listinfo/devel
>>>>
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://lists.openvz.org/mailman/listinfo/devel
> 

-- 
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

More information about the Devel mailing list