Correct way to add firewall rules in tripleo | Wallaby

Swogat Pradhan swogatpradhan22 at gmail.com
Wed Jul 20 17:37:03 UTC 2022


Hi,
I am trying to add a rule for Zabbix in my TripleO Wallaby setup on top of
CentOS 8 Stream.
I followed
https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/security_hardening.html


but got the error message:

 [ERROR]: Failed, module return: {'msg': 'value of action must be one of:
append, insert, got: accept', 'failed': True, 'invocation': {'module_args':
{'state': 'present', 'action': 'accept', 'jump': 'ACCEPT', 'chain': 'INPUT',
'protocol': 'tcp', 'source': '172.25.161.50', 'ctstate': ['NEW'],
'ip_version':
'ipv4', 'comment': '301 allow zabbix ipv4', 'destination_port': '10050',
'table': 'filter', 'match': [], 'syn': 'ignore', 'flush': False}},
'warnings':
["The value 10050 (type int) in a string field was converted to '10050'
(type
string). If this does not look like what you expect, quote the entire value
to
ensure it does not change."], '_ansible_parsed': True}
 [ERROR]: Failed, return data: {'stdout': None, 'stderr': None, 'msg':
'value
of action must be one of: append, insert, got: accept', 'cmd': None, 'rc':
0,
'failed': True}
2022-07-21 01:27:33.335477 | 48d539a1-1679-1e80-25fd-000000005aa1 |
TASK | Manage firewall rules
2022-07-21 01:27:33.351515 | 48d539a1-1679-1e80-25fd-000000005542 |
 FATAL | Manage firewall rules | overcloud-controller-0 | error={"changed":
false, "cmd": null, "msg": "value of action must be one of: append, insert,
got: accept", "rc": 0, "stderr": null, "stdout": null}


When I tried the following link:
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/security_and_hardening_guide/using_director_to_configure_security_hardening
my script runs fine, but the rules are not updated in iptables for Zabbix.

Can you please suggest a correct approach to open port 10050 in TripleO?

With regards,
Swogat Pradhan