I'm trying to remotely open a port in an iptables firewall using Capistrano. Here's my task:

  desc "Open up a port in the firewall"
  task :open_port, :roles => :all do
    # port number is passed in as a Capistrano variable (cap -s port=NNNN)
    port = variables[:port] || nil
    if (!port)
      puts "You must specify the port number"
      next
    end
    # insert an ACCEPT rule at the top of the chain, then persist and reload
    run "#{sudo} /sbin/iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport #{port.to_s} -j ACCEPT"
    run "#{sudo} /sbin/service iptables save"
    run "#{sudo} /etc/init.d/iptables restart"
  end

The problem is that the first command in the task locks up. I've tried running this rule using a variety of port numbers and target machines, always with the same result.

I've got literally many dozens of other rules that look much like this but that work fine. In fact, I've got a similar task where the first command is a call to iptables to create a port mapping and that task works just fine.

What's more, I can successfully run this command on the Capistrano host:

  ssh -l deployer core sudo /sbin/iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport 2424 -j ACCEPT

This works fine. This should be exactly what Capistrano is attempting to do.

Why is this command locking up Capistrano?

TIA for a solution or any clue whatsoever.

Have Fun All!!!

A: 

Figured this one out myself the other day. The problem was that I was using the name 'port' as the parameter to my task. The 'parameter' port is recognized by the 'run' command, and causes the system to try to connect to the target machine via that port rather than the normal ssh port. Hence the lockup.

I changed my parameter name to 'dport', and the task started working as I expected.

Steve
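A hardened version of the corrected task, as an added example that is not Steve's or the original poster's code. It renames the parameter to `dport` as the answer describes, and additionally validates the value before it is interpolated into a sudo shell command; the `RESERVED_CAP_VARS` list and the `open_port_commands` / `safe_param_name?` helpers are assumptions for this example, not part of Capistrano.

```ruby
# Capistrano 2 reads some variable names as SSH connection settings; :port is the one
# this thread hit (it becomes the SSH port). Assumed list; only :port is confirmed above.
RESERVED_CAP_VARS = [:port, :user, :password, :gateway].freeze

CHAIN = "RH-Firewall-1-INPUT"

# Returns the three shell commands for opening a TCP port, or raises if the value is
# unsafe. Strict validation matters because the value ends up inside a sudo command.
def open_port_commands(dport, sudo: "sudo")
  raise ArgumentError, "port must be digits only" unless dport.to_s =~ /\A\d{1,5}\z/
  n = Integer(dport.to_s, 10)
  raise ArgumentError, "port out of range: #{n}" unless (1..65535).cover?(n)
  [
    "#{sudo} /sbin/iptables -I #{CHAIN} 1 -p tcp --dport #{n} -j ACCEPT",
    "#{sudo} /sbin/service iptables save",
    "#{sudo} /etc/init.d/iptables restart",
  ]
end

# True if a task parameter name does not collide with a Capistrano connection variable.
def safe_param_name?(name)
  !RESERVED_CAP_VARS.include?(name.to_sym)
end

# The corrected task itself (Capistrano 2 DSL); this branch only runs inside cap.
if defined?(task)
  desc "Open up a port in the firewall"
  task :open_port, :roles => :all do
    dport = variables[:dport]          # cap open_port -s dport=2424
    abort "You must specify dport" unless dport
    open_port_commands(dport, sudo: sudo).each { |cmd| run cmd }
  end
end
```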