Bug #10957
firewall: need a fact for iptables version
| Status: | Closed | Start date: | 11/18/2011 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jonathan Boyett |
% Done: | 0% |
|
| Category: | firewall | Spent time: | - | |
| Target version: | - | |||
| Keywords: | Branch: | |||
| Votes: | 1 |
Description
CentOS 5.x iptables is seriously old and has various issues.
We need a fact that tells which version of iptables is installed so we can hack around this in our puppet modules.
In particular, ip6tables on CentOS 5 does not support comments. Since the firewall provider requires comments, no ipv6 on CentOS 5.
Related issues
History
Updated by Ken Barber 6 months ago
- Category set to firewall
- Status changed from Unreviewed to Accepted
We had this before. So realistically we need:
- ip6tables_version
- iptables_version
Updated by Jonathan Boyett 6 months ago
- Assignee set to Jonathan Boyett
Updated by Jonathan Boyett 6 months ago
- Status changed from Accepted to In Topic Branch Pending Review
Updated by Krzysztof Wilczynski 6 months ago
Jonathan Boyett wrote:
Please have a look on a very similar fact: xtables_version.rb
The difference is that it also provides “ebtables” and “arptables” version information if these are present.
I also have no tests yet :–(
KW
Updated by Ken Barber 6 months ago
- Status changed from In Topic Branch Pending Review to Code Insufficient
So Jon – you need to be able to handle the cases where iptables doesn’t exist. This would especially apply for ip6tables … comments in pull request.
Updated by Jonathan Boyett 6 months ago
Return default nil if either command is not present.
Updated by Ken Barber 6 months ago
- Status changed from Code Insufficient to Merged - Pending Release
Updated by Ken Barber 5 months ago
- Status changed from Merged - Pending Release to Closed