Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Warn on detection of REJECT rule in FORWARD chain #1349

Merged
merged 1 commit into from
Aug 28, 2015
Merged

Warn on detection of REJECT rule in FORWARD chain #1349

merged 1 commit into from
Aug 28, 2015

Conversation

awh
Copy link
Contributor

@awh awh commented Aug 21, 2015

Closes #1266.

@awh
Copy link
Contributor Author

awh commented Aug 21, 2015

Suggestions for a better error message welcome...

@awh awh force-pushed the issues/1266-detect-adverse-firewall-config branch from e186410 to 9b80bc1 Compare August 21, 2015 14:21
@awh awh changed the title Exit with error on detection of REJECT rule in FORWARD chain Warn on detection of REJECT rule in FORWARD chain Aug 21, 2015
@awh awh force-pushed the issues/1266-detect-adverse-firewall-config branch from 9b80bc1 to ece454e Compare August 21, 2015 14:23
@rade
Copy link
Member

rade commented Aug 21, 2015

This should tell the user a) exactly what the offending rule is, b) what the likely effect is on weave.

@awh awh force-pushed the issues/1266-detect-adverse-firewall-config branch from ece454e to 2a2eca8 Compare August 21, 2015 14:51
@awh
Copy link
Contributor Author

awh commented Aug 21, 2015

Message updated.

@awh awh force-pushed the issues/1266-detect-adverse-firewall-config branch from 2a2eca8 to ca94cff Compare August 21, 2015 15:25
@awh
Copy link
Contributor Author

awh commented Aug 21, 2015

@rade latest revision:

$ ./weave launch
WARNING: existing iptables rule

    '-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

will block name resolution via weaveDNS - please reconfigure your firewall.

rade added a commit that referenced this pull request Aug 28, 2015
@rade
Merge pull request #1349 from /issues/1266-detect-adverse-firewall-co…
244a679 
…nfig

Warn on detection of REJECT rule in FORWARD chain

Fixes #1266.
@rade rade merged commit 244a679 into master Aug 28, 2015
@rade rade modified the milestone: 1.1.0 Aug 29, 2015
@rade rade deleted the issues/1266-detect-adverse-firewall-config branch August 31, 2015 09:50
@alex-sherwin
Copy link

You should give an example command of removing the rule in the warning..

@joserivca
Copy link

so it was fixed? im still having the problem!

@rade rade mentioned this pull request Apr 25, 2016
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@awh @rade @alex-sherwin @joserivca