Using "firewall_flush_rules_and_chains"

[alexeychusta]

When "firewall_flush_rules_and_chains:" is false

"Iptables.bash.js" template is missing "iptables -F"

But in "firewall.unit.j2" there is "ExecStop = /sbin/iptables -F"

And when the service restarts, all additional chains and rules are deleted

[stale]

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

[stale]

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

[kare]

I'm using @geerlingguy ansible-role-firewall with ansible-role-docker and it seems that the ports exposed via docker run -p 7171:32200 and opened in firewall with:

firewall_allowed_tcp_ports:
  - 7171

are not opened to public as they should be (I've had only temporary access to those ports). I've verified access to ports with nc -v -w 2 -z example.com 7171. Port 7171 is accessible on localhost.

There is a current non conflicting PR #106 opened by @vitabaks. I haven't tested it yet, but based on my review it would fix this issue.

Is it possible to get it tested, reviewed and merged?

[kare]

@geerlingguy Please re-open this issue, thanks

[kare]

Are these PR's relevant?

• planned, abandoned? Made iptables initialization a bit more flexible #37
• unplanned, improvement? over #37 but closed as stale Made iptables initialization a bit more flexible ... take 2 #104

What would be the approach for a PR to get #80 and #82 fixed, merged and released?