Subject: [bug#32465] Add iptables service
From: ludo@gnu.org (Ludovic Courtès)
References: <87lg8hbe0c.fsf@gnu.org> <87va734yxd.fsf@gnu.org>
Date: Tue, 18 Sep 2018 16:39:45 +0200
In-Reply-To: (Arun Isaac's message of "Tue, 18 Sep 2018 11:54:31 +0530")
Message-ID: <878t3yj2dq.fsf@gnu.org>
To: Arun Isaac
Cc: 32465@debbugs.gnu.org

Hi,

Arun Isaac skribis:

>>> - Is the example I added for the iptables.rules sufficient? I couldn't
>>> find upstream documentation for the iptables.rules format. I suspect
>>> it doesn't exist. Do you know of any upstream documentation that can
>>> be referred to here?
>>
>> From a quick search it must be ,
>> specifically .
>
> This is general documentation for netfilter, not specific documentation
> about the iptables.rules format. For that, I don't think there is
> upstream documentation.
>
> https://unix.stackexchange.com/questions/400163/netfilter-iptables-restore-file-format-documentation/400203

Oh indeed.

>>> + (stop #~(lambda _
>>> + (invoke #$iptables-restore #$%iptables-accept-all-ru= les)
>>> + (invoke #$ip6tables-restore #$%iptables-accept-all-r= ules))))))))
>>
>> There’s a peculiarity of ‘stop’ which is that it must return #f on
>> success. So here, you just need to add a trailing #f after the second
>> ‘invoke’ call. If you do that, I suppose the test that stops the
>> firewall will pass.
>
> There was one problem with stop-service being an unbound variable. I
> fixed that by adding (use-modules (gnu services herd)). But, now the
> test just freezes up. I wonder if it is waiting for some timeout. Here
> is the snippet for the test I am currently using. Also, returning #f
> from stop didn't make a difference.
>
> (test-assert "inetd echo service is accessible after iptables firewall is stopped"
>   (begin
>     (marionette-eval
>      '(begin
>         (use-modules (gnu services herd))
>         (stop-service 'iptables))
>      marionette)
>     (wait-for-tcp-port inetd-echo-port marionette #:timeout 5)))

Do you see any messages on the console?

Thanks,
Ludo’.
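
Review bot: in the quoted 'stop' lambda, the two 'invoke' calls run strictly in sequence, and 'invoke' raises an exception on a non-zero exit status, so a failing iptables-restore skips the ip6tables-restore call and leaves the IPv4 and IPv6 rule sets in different states. Consider attempting both restores before reporting the failure. The body also ends on the second 'invoke', so the trailing #f requested in the reply above still needs to be the last expression of the lambda.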