Secure Test Projects - iptables silently failing, inaccurate offline results
Within the Secure Test Projects it was found that with offline-FREEZE branches, iptables may be silently failing, due to being used in a combined command with &&, thus the test was not actually offline.
See #387823 (comment 1253476833)
Fix
Update CI, replace
- iptables -P INPUT DROP && iptables -P OUTPUT DROP
with
- iptables -P INPUT DROP
- iptables -P OUTPUT DROP
Note that the following may be needed due to nftables issues:
- update-alternatives --set iptables /usr/sbin/iptables-legacy
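
Why the && form hides the failure, shown as an added example that is not part of the original issue. It assumes the CI job script runs under errexit (set -e), where a failing command in an AND-list is ignored unless it is the last one. The `iptables` stub and the `policies_are_drop` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed stub: stands in for an iptables call that fails (for example a
# job without NET_ADMIN, or an nftables backend error). Not a real binary.
STUB='iptables() { echo "iptables $*: simulated failure" >&2; return 1; }'

# Original CI form. Under errexit the shell ignores a failure of any command
# in an AND-list except the last one, so the script carries on.
run_combined() {
  sh -ec "$STUB
    iptables -P INPUT DROP && iptables -P OUTPUT DROP
    echo 'tests ran'" 2>/dev/null
}

# Fixed form. Each command stands alone, so the first failure aborts the job.
run_separate() {
  sh -ec "$STUB
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    echo 'tests ran'" 2>/dev/null
}

# Hypothetical helper: reads `iptables -S` output on stdin and succeeds only
# if both chain policies really are DROP, instead of trusting exit codes.
policies_are_drop() {
  rules=$(cat)
  for chain in INPUT OUTPUT; do
    printf '%s\n' "$rules" | grep -qxF -e "-P $chain DROP" || return 1
  done
}

# Demo: both forms against the failing stub.
if run_combined >/dev/null; then
  echo "combined: exit 0, tests ran with the firewall never applied"
fi
if ! run_separate >/dev/null; then
  echo "separate: job stopped at the failed iptables call"
fi
```

In a real job, `iptables -S | policies_are_drop` placed after the two policy lines fails the job when the environment is not actually offline.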