Add a warning for the first run.

2017-08-23 15:02:27 +02:00 · 2017-08-23 15:02:27 +02:00 · 96080445da
parent f2d586c176
commit 96080445da
1 changed files with 14 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -5,10 +5,11 @@
     * [OS Specific Variables](#os-specific-variables)
     * [Rules Dictionaries](#rules-dictionaries)
 3. [Example Playbook](#example-playbook)
-4. [Configuration](#configuration)
-5. [Development](#development)
-6. [License](#license)
-7. [Author Information](#author-information)
+4. [Known Issue](#known-issue)
+5. [Configuration](#configuration)
+6. [Development](#development)
+7. [License](#license)
+8. [Author Information](#author-information)

 ## Overview

@ -237,6 +238,15 @@ nft_input_group_rules:
    - counter
 ```

+## Known Issue
+
+* The first run of a playbook may be long (~8 minutes) just after the (re)start of `nftables` service.
+  * Probably due to Ansible/OpenSSH Specific default Settings, the outgoing connections for Ansible/SSH will be blocked :
+```
+trace id d7c3a8dc inet firewall output packet: oif "ens18" ip saddr REMOTE_HOST ip daddr MY_HOST ip dscp 0x02 ip ecn not-ect ip ttl 64 ip id 56799 ip length 420 tcp sport ssh tcp dport 53922 tcp flags == 0x18 tcp window 1452
+```
+  * This only happen at the first run on new clean host. The next runs will works without any delay.
+
 ## Configuration

 This role will :