Bug #747
srv_firewalling: invalid port/service `ircd-aux'/`ircd-ssl' specified (Toushirou)
Start date:
2021-12-14
Due date:
% Done:
100%
Estimated time:
Patch Available:
Yes
Confirmed:
Yes
Branch:
dc-irconweb_define_ircd_services
Entity:
DuckCorp
Security:
Help Needed:
Description
This errors seem unexpected:
Dec 13 13:18:38 Toushirou srv_firewalling[1148]: iptables v1.8.7 (nf_tables): invalid port/service `ircd-aux' specified Dec 13 13:18:38 Toushirou srv_firewalling[1148]: Try `iptables -h' or 'iptables --help' for more information. Dec 13 13:18:38 Toushirou srv_firewalling[1152]: iptables v1.8.7 (nf_tables): invalid port/service `ircd-ssl' specified Dec 13 13:18:38 Toushirou srv_firewalling[1152]: Try `iptables -h' or 'iptables --help' for more information.
Associated revisions
Toushirou: don't open unused ircd-{ssl,aux} ports
On Toushirou, no service is listening on these ports.
Closes #747
History
Updated by Pierre-Louis Bonicoli over 1 year ago
Updated by - Category set to System :: Base
- Status changed from New to In Progress
- % Done changed from 0 to 50
- Confirmed changed from No to Yes
ircd-aux and irc-ssl services are defined within dc-irc role for irc_servers Ansible group only.
Updated by Pierre-Louis Bonicoli over 1 year ago
- % Done changed from 50 to 70
- Patch Available set to Yes
- Branch set to dc-irconweb_define_ircd_services
Updated by Pierre-Louis Bonicoli over 1 year ago
- Assignee set to Marc Dequènes
Marc Dequènes Does this patch look ok to you?
On second thoughts, should not the ircd-aux and ircd-ssl firewall INPUT rules be removed from toushirou:/etc/mp-admin/firewalling instead?
Updated by Anonymous over 1 year ago
- Status changed from In Progress to Resolved
- % Done changed from 70 to 100
Applied in changeset duckcorp-infra|27c9761f004ed130be440578fae7ac772bc26dbc.
Updated by Pierre-Louis Bonicoli over 1 year ago
duckcorp-infra|2220b907b64361551874297ca1b627a9f063c9de applied using:
$ ansible-playbook -l Toushirou playbooks/common.yml --diff -vv --tags firewalling
[...]
TASK [dc-base : Install firewalling configuration] ***
task path: /srv/share/src/duckcorp/duckcorp-infra.git/ansible/roles/dc-base/tasks/firewalling.yml:57
Wednesday 15 December 2021 09:55:13 +0100 (0:00:00.649) 0:00:14.571 ****
NOTIFIED HANDLER dc-base : Restart Firewalling for Toushirou
--- before: /etc/mp-admin/firewalling
+++ after: /home/lilou/.ansible/tmp/ansible-local-2576352j085r4eo/tmpylpmovr1/Toushirou
@@ -21,7 +21,7 @@
# Services available on the Hivane interface only, IPv4/IPv6
declare -A HIVANE=(
["IFACE"]="eth-wan-hivane"
- ["SRV_TCP"]="smtp smtps submission imap2 imaps pop3 pop3s sieve ircd ircd-aux ircd-ssl ftp http https git ldap ldaps dict ${FTP_PASSV} ${LXD} ${PROM_EXP_EXP}"
+ ["SRV_TCP"]="smtp smtps submission imap2 imaps pop3 pop3s sieve ircd ftp http https git ldap ldaps dict ${FTP_PASSV} ${LXD} ${PROM_EXP_EXP}"
["SRV_UDP"]=""
)
changed: [Toushirou] => changed=true
checksum: c29567c5da98ae2c1aefd254aebfc988199db5bd
dest: /etc/mp-admin/firewalling
gid: 0
group: root
md5sum: 2c7480cf34d4db87bb8b5a2ccc325658
mode: '0640'
owner: root
size: 2490
src: /tmp/.ansible-root/tmp/ansible-tmp-1639558513.5854077-2577692-18704628854307/source
state: file
uid: 0
[...]
RUNNING HANDLER [dc-base : Restart Firewalling] ***
task path: /srv/share/src/duckcorp/duckcorp-infra.git/ansible/roles/dc-base/handlers/main.yml:21
Wednesday 15 December 2021 09:55:22 +0100 (0:00:00.093) 0:00:23.157 ****
changed: [Toushirou] => changed=true
name: dc_firewalling
state: started
[...]
PLAY RECAP ***
Toushirou : ok=13 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Playbook run took 0 days, 0 hours, 0 minutes, 24 seconds
Wednesday 15 December 2021 09:55:23 +0100 (0:00:01.518) 0:00:24.675 ****
IRC on Web: define IRCd services
Closes #747