SaltStack - iptables icmp rule doesn't work

Question

System:

Debian GNU/Linux 8.6 (jessie)
salt-master 2016.3.3 (Boron)
salt-minion 2016.3.3 (Boron)

Trying to add an icmp rule will result in an error message.

init.sls

INPUT:
  iptables.chain_present:
    - table: filter
    - family: ipv4

icmp:
  iptables.insert:
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - proto: icmp
    - position: 1
    - save: True
    - require:
      - iptables: INPUT

Error Message:

ID: icmp
Function: iptables.insert
Result:   False
Comment:  Failed to set iptables rule for icmp.
          Attempted rule was /sbin/iptables -t filter -I INPUT 1 -p icmp -m icmp --jump ACCEPT

I also tried following:

icmp:
  iptables.append:
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - proto: icmp
    - save: True

... but it's the same:

ID:       icmp
Function: iptables.append
Result:   False
Comment:  Failed to set iptables rule for icmp.
          Attempted rule was /sbin/iptables -t filter -A INPUT  -p icmp -m icmp --jump ACCEPT for ipv4

Has anyone an idea?

Did you try to execute the command `iptables -t filter -A INPUT -p icmp -m icmp --jump ACCEPT` directly? It should help you find what the error is. — Christophe Drevet, Sep 28 '16 at 14:27
Yeah, i tried this command and it works as expected. The firewall rule is append. — gogan, Sep 28 '16 at 14:41

score 0 · Accepted Answer · answered Sep 30 '16 at 07:28

0

I reinstalled the problematic minions and this solves the problem.

And additionally on one of the minions there was an older saltstack version which causes the problem.

answered Sep 30 '16 at 07:28

gogan

115
1
6

SaltStack - iptables icmp rule doesn't work

1 Answers1