So far, our iptables ansible role was taking care of :

- setting up baseline rule
- adding more custom rules
- providing a custom task that could be imported from other roles to open traffic

It was working for years (and continues to do so) but since el9, nft was introduced to replace the (older) iptables utility. While the compat was still working for el9, it's now time to investigate migrating natively to nftables.

Proposal :

* still use same iptables role (inherited/included everywhere)
* just provide nftables rules starting from stream10/el10
* inject same logic also for custom rules/tasks (https://github.com/CentOS/ansible-role-iptables/blob/master/tasks/custom-policy.yml) showing that diff (based on distro release/version)

Metadata Update from @arrfab: - Issue tagged with: el10-readyness, high-gain, high-trouble, investigation
Metadata Update from @arrfab: - Issue assigned to arrfab
Forgot to assign myself to it but already have something working for baseline role (also adding custom policy for zabbix, etc)
Next items to add :
All done, pushed to iptables role and tested on Stream 10 host. Closing
iptables
Metadata Update from @arrfab: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)