  1. RHEL
  2. RHEL-79819

portblock: fix iptables version detection


    • Bug
    • Resolution: Done-Errata
    • Undefined
    • rhel-9.7
    • rhel-8.10, rhel-9.5, rhel-10.0
    • resource-agents
    • None
    • resource-agents-4.10.0-73.el9
    • No
    • Important
    • ZStream
    • rhel-ha
    • 13
    • 17
    • 8
    • False
    • False
    • None
    • None
    • Approved Blocker
    • Release Note Not Required
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Use the portblock agent, but it fails to remove rules during stop-action due to a change in iptables -V output (it adds " (nf_tables)" after the version string).

      E.g.

      [root@rhel9-1 ~]# iptables -V
      iptables v1.8.10 (nf_tables)

      What is the impact of this issue to you?

      Rule doesn't get removed during stop-action.

      Please provide the package NVR for which the bug is seen:

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. pcs resource create pblock portblock protocol=tcp portno=80 action=block
      2. pcs resource disable pblock

      Expected results

      Removes rule when disabled.

      Actual results

      Doesn't remove rule when disabled, and adds new rule when re-enabled.

              rhn-engineering-oalbrigt Oyvind Albrigtsen
              Oyvind Albrigtsen Oyvind Albrigtsen
              Cluster QE Cluster QE
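
One way a script can read the version out of `iptables -V` without being thrown off by the trailing " (nf_tables)" reported above, and fail loudly when the output cannot be parsed. This is an added example, not the portblock agent's code or the fix that shipped; the function names, the sample strings and the 1.4.20 threshold are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed samples of `iptables -V` output: without and with a backend suffix.
SAMPLE_OLD='iptables v1.4.21'
SAMPLE_NEW='iptables v1.8.10 (nf_tables)'

# Fragile: assumes the version is the last whitespace-separated field.
parse_last_field() {
    printf '%s\n' "$1" | awk '{print $NF}' | sed 's/^v//'
}

# Robust: capture only the dotted number after " v" and ignore any trailing text.
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^[^ ]* v\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# version_ge A B: 0 if A >= B, 1 if A < B, 2 if either argument is not a dotted number.
# Components are compared numerically, so 1.8.10 sorts above 1.8.9.
version_ge() {
    case "$1" in ''|*[!0-9.]*) return 2 ;; esac
    case "$2" in ''|*[!0-9.]*) return 2 ;; esac
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_min_version OUTPUT MIN: returns 2 (with a message) when no version can be
# extracted, so callers never act on an unparsed string.
check_min_version() {
    v=$(parse_version "$1")
    if [ -z "$v" ]; then
        echo "cannot parse iptables version from: $1" >&2
        return 2
    fi
    version_ge "$v" "$2"
}

# Demo on the constructed samples.
for s in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    printf '%-30s last-field=%-12s robust=%s\n' \
        "$s" "$(parse_last_field "$s")" "$(parse_version "$s")"
done
```

In a real agent the first argument would be `"$(iptables -V)"`, and a return code of 2 should be logged as an error instead of being treated as "version too old".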