Flushing iptables on first run is causing ssh lockdown

[sid255]

When I run this role on my remote servers, the first task of flushing iptables is causing ssh lockdown and disconnection. I had to add the default rules task before flushing to make it work. Is this normal behavior or am I doing something wrong?

[shk3bq4d]

iptables -F

present both in:

• tasks/main.yml
• systemd unit file

is a command to never execute when your chains policies are different from ACCEPT. Can you confirm this is your case @sid255 ?

Maybe supporting a configurable default var firewall_flush_commands that defaults to current iptables -F with a README note that proposes to execute the following consecutive commands

iptables -w 45 -P INPUT ACCEPT; iptables -w 45 -P FORWARD ACCEPT; iptables -w 45 -P OUTPUT ACCEPT; iptables -w 45 -F

as a proposal for people in this situation would solve the problem?

edit: merge request #87, aiming to solve the specific case of interaction with docker daemon managed rules mentioned in #82, has an alternative proposal to disable the initial flush and systemd ExecStop altogether

[shk3bq4d]

ok, I've opened PR #89 as a proposal to fix this issue

[stale]

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

[stale]

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.