wallentx/gist:1d3571c41c28b33434d6b3122ed048e8 Secret

## gistfile1.txt
$ sudo salt-call state.sls blah.something
...
[INFO    ] Running state [/etc/iptables/rules.v4] at time 17:44:35.985120
[INFO    ] Executing state file.managed for /etc/iptables/rules.v4
[INFO    ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://some/path/poop/etc_iptables_rules.v4'
[INFO    ] File changed:
---
+++
@@ -10,4 +10,4 @@
 :POSTROUTING ACCEPT [0:0]
 -A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 4.5.6.7:1234
 -A POSTROUTING -d 4.5.6.7 -j SNAT --to-source 8.8.8.8
-COMMIT
+COMMIT
[INFO    ] Completed state [/etc/iptables/rules.v4] at time 17:44:35.999511
[INFO    ] Running state [iptables-persistent] at time 17:44:36.000892
[INFO    ] Executing state service.running for iptables-persistent
[INFO    ] Executing command ['service', 'iptables-persistent', 'status'] in directory '/home/poop'
[ERROR   ] Command ['service', 'iptables-persistent', 'status'] failed with return code: 1
[ERROR   ] output: Usage: /etc/init.d/iptables-persistent {start|restart|reload|force-reload|save|flush}
[INFO    ] Executing command ['service', 'iptables-persistent', 'start'] in directory '/home/poop'
[ERROR   ] Command ['service', 'iptables-persistent', 'start'] failed with return code: 1
[ERROR   ] output:  * Loading iptables rules...
 *  IPv4...
 *  IPv6...
   ...fail!
[ERROR   ] {'iptables-persistent': False}
[INFO    ] Completed state [iptables-persistent] at time 17:44:36.019963
...

=================
salt output
=================
...
----------
          ID: /etc/iptables/rules.v4
    Function: file.managed
      Result: True
     Comment: File /etc/iptables/rules.v4 updated
     Started: 17:44:35.985120
    Duration: 14.391 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -10,4 +10,4 @@
                   :POSTROUTING ACCEPT [0:0]
                   -A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 5.6.7.8:1234
                   -A POSTROUTING -d 5.6.7.8 -j SNAT --to-source 8.8.8.8
                  -COMMIT
                  +COMMIT
----------
          ID: iptables-persistent
    Function: service.running
      Result: False
     Comment: Service iptables-persistent is already enabled, and is dead
     Started: 17:44:36.000892
    Duration: 19.071 ms
     Changes:
              ----------
              iptables-persistent:
                  False


=========================
inspecting rules.v4 file
=========================

$ ll
total 8.0K
-rw-r--r-- 1 327 Apr 19 17:44 rules.v4

=======

$ lstat
644  root:root  rules.v4

=======

$ file -bi rules.v4
text/plain; charset=us-ascii

=======

$ cat rules.v4
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [4:540]
:INPUT ACCEPT [4:540]
:OUTPUT ACCEPT [9:624]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 4.5.6.7:1234
-A POSTROUTING -d 4.5.6.7 -j SNAT --to-source 8.8.8.8
COMMIT

========

$ sudo service iptables-persistent reload
 * Loading iptables rules...
 *  IPv4...
 *  IPv6...                                  [fail]

========

$ iptables-restore < /etc/iptables/rules.v4
iptables-restore v1.4.21: iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

========

NOW OPENING THE FILE, MAKING NO CHANGES, AND SAVING

========

$ ll
total 8.0K
-rw-r--r-- 1 328 Apr 19 17:59 rules.v4

========

$ lstat
644  root:root  rules.v4

========

$ file -bi rules.v4
text/plain; charset=us-ascii

========

$ cat rules.v4
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [4:540]
:INPUT ACCEPT [4:540]
:OUTPUT ACCEPT [9:624]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 4.5.6.7:1234
-A POSTROUTING -d 4.5.6.7 -j SNAT --to-source 8.8.8.8
COMMIT

=======

$ sudo service iptables-persistent reload
 * Loading iptables rules...
 *  IPv4...
 *  IPv6...                                  [ OK ]


 WTF
	$ sudo salt-call state.sls blah.something
	...
	[INFO ] Running state [/etc/iptables/rules.v4] at time 17:44:35.985120
	[INFO ] Executing state file.managed for /etc/iptables/rules.v4
	[INFO ] Fetching file from saltenv 'base', skipped latest already in cache 'salt://some/path/poop/etc_iptables_rules.v4'
	[INFO ] File changed:
	---
	+++
	@@ -10,4 +10,4 @@
	:POSTROUTING ACCEPT [0:0]
	-A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 4.5.6.7:1234
	-A POSTROUTING -d 4.5.6.7 -j SNAT --to-source 8.8.8.8
	-COMMIT
	+COMMIT
	[INFO ] Completed state [/etc/iptables/rules.v4] at time 17:44:35.999511
	[INFO ] Running state [iptables-persistent] at time 17:44:36.000892
	[INFO ] Executing state service.running for iptables-persistent
	[INFO ] Executing command ['service', 'iptables-persistent', 'status'] in directory '/home/poop'
	[ERROR ] Command ['service', 'iptables-persistent', 'status'] failed with return code: 1
	[ERROR ] output: Usage: /etc/init.d/iptables-persistent {start\|restart\|reload\|force-reload\|save\|flush}
	[INFO ] Executing command ['service', 'iptables-persistent', 'start'] in directory '/home/poop'
	[ERROR ] Command ['service', 'iptables-persistent', 'start'] failed with return code: 1
	[ERROR ] output: * Loading iptables rules...
	* IPv4...
	* IPv6...
	...fail!
	[ERROR ] {'iptables-persistent': False}
	[INFO ] Completed state [iptables-persistent] at time 17:44:36.019963
	...

	=================
	salt output
	=================
	...
	----------
	ID: /etc/iptables/rules.v4
	Function: file.managed
	Result: True
	Comment: File /etc/iptables/rules.v4 updated
	Started: 17:44:35.985120
	Duration: 14.391 ms
	Changes:
	----------
	diff:
	---
	+++
	@@ -10,4 +10,4 @@
	:POSTROUTING ACCEPT [0:0]
	-A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 5.6.7.8:1234
	-A POSTROUTING -d 5.6.7.8 -j SNAT --to-source 8.8.8.8
	-COMMIT
	+COMMIT
	----------
	ID: iptables-persistent
	Function: service.running
	Result: False
	Comment: Service iptables-persistent is already enabled, and is dead
	Started: 17:44:36.000892
	Duration: 19.071 ms
	Changes:
	----------
	iptables-persistent:
	False


	=========================
	inspecting rules.v4 file
	=========================

	$ ll
	total 8.0K
	-rw-r--r-- 1 327 Apr 19 17:44 rules.v4

	=======

	$ lstat
	644 root:root rules.v4

	=======

	$ file -bi rules.v4
	text/plain; charset=us-ascii

	=======

	$ cat rules.v4
	*filter
	:INPUT ACCEPT [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	COMMIT
	*nat
	:PREROUTING ACCEPT [4:540]
	:INPUT ACCEPT [4:540]
	:OUTPUT ACCEPT [9:624]
	:POSTROUTING ACCEPT [0:0]
	-A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 4.5.6.7:1234
	-A POSTROUTING -d 4.5.6.7 -j SNAT --to-source 8.8.8.8
	COMMIT

	========

	$ sudo service iptables-persistent reload
	* Loading iptables rules...
	* IPv4...
	* IPv6... [fail]

	========

	$ iptables-restore < /etc/iptables/rules.v4
	iptables-restore v1.4.21: iptables-restore: unable to initialize table 'filter'

	Error occurred at line: 1
	Try `iptables-restore -h' or 'iptables-restore --help' for more information.

	========

	NOW OPENING THE FILE, MAKING NO CHANGES, AND SAVING

	========

	$ ll
	total 8.0K
	-rw-r--r-- 1 328 Apr 19 17:59 rules.v4

	========

	$ lstat
	644 root:root rules.v4

	========

	$ file -bi rules.v4
	text/plain; charset=us-ascii

	========

	$ cat rules.v4
	*filter
	:INPUT ACCEPT [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	COMMIT
	*nat
	:PREROUTING ACCEPT [4:540]
	:INPUT ACCEPT [4:540]
	:OUTPUT ACCEPT [9:624]
	:POSTROUTING ACCEPT [0:0]
	-A PREROUTING -p tcp -d 1.2.3.4 --dport 1234 -j DNAT --to 4.5.6.7:1234
	-A POSTROUTING -d 4.5.6.7 -j SNAT --to-source 8.8.8.8
	COMMIT

	=======

	$ sudo service iptables-persistent reload
	* Loading iptables rules...
	* IPv4...
	* IPv6... [ OK ]



	WTF