openstack team mailing list archive

Thread
Date

Re: l3-agent iptables-restore: line 23 failed

To: Martin Mailand <martin@xxxxxxxxxxxx>
From: Brian Haley <brian.haley@xxxxxx>
Date: Mon, 03 Jun 2013 11:40:12 -0400
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <51AA08FD.9040106@tuxadero.com>
Organization: HP Cloud Services
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130330 Thunderbird/17.0.5

On 06/01/2013 10:45 AM, Martin Mailand wrote:
> Hi List,
> 
> if I add my routers gateway to an external network, I get an error in
> the l3-agent.log, about a failure in iptables-restore.
> As far as I know iptables-restore gets the information on stdin, how
> could I see the iptable rules which do not apply?
> How could I debug this further?

Have seen this in testing myself, not sure there's an easy solution besides
modifying the code to print the resultant filter after it's been modified,
something like this in the iptables_manager _apply() code:

     new_filter = self._modify_rules(current_lines,
                                     tables[table])
+    for f in enumerate(new_filter):
+        print f
     args = ['%s-restore' % (cmd)]

You'll get a lot of extra output in the logs but should be able to find the bad
line.

-Brian

References

l3-agent iptables-restore: line 23 failed
From: Martin Mailand, 2013-06-01