Package: iptables-persistent
Version: 0.0.20100801
Severity: normal
Tags: patch ipv6
Seems an odd omission at this point in time not to provide the capability
to trigger ip6tables-restore in this package. It's not a formal patch, but
reportbug has attached /etc/init.d/iptables-persistent with the simple
change I've added. A full fix probably needs to add a few words in the
description and docs as well.
Thanks!
-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i586)
Kernel: Linux 2.6.32-5-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iptables-persistent depends on:
ii iptables 1.4.8-3 administration tools for packet fi
iptables-persistent recommends no packages.
iptables-persistent suggests no packages.
-- Configuration Files:
/etc/init.d/iptables-persistent changed:
case "$1" in
start)
if [ -f /etc/iptables/rules ]; then
iptables-restore </etc/iptables/rules
fi
if [ -f /etc/iptables/rules6 ]; then
ip6tables-restore </etc/iptables/rules6
fi
;;
stop|force-stop|restart|force-reload|status)
;;
*)
echo "Usage: $0 {start|stop|force-stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0
/etc/iptables/rules changed:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:drop-and-log-it - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 172.31.0.0/16 -i eth0 -j ACCEPT
-A INPUT -s 172.31.0.0/16 -i eth1 -j drop-and-log-it
-A INPUT -d 69.17.22.215/32 -i eth1 -j ACCEPT
-A INPUT -d 69.17.22.215/32 -i eth1 -m state --state RELATED,ESTABLISHED -j
ACCEPT
-A INPUT -j drop-and-log-it
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -m mark --mark 0x1 -j ACCEPT
-A FORWARD -j drop-and-log-it
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 69.17.22.215/32 -d 172.31.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -s 172.31.1.1/32 -d 172.31.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -d 172.31.0.0/16 -o eth1 -j drop-and-log-it
-A OUTPUT -s 69.17.22.215/32 -o eth1 -j ACCEPT
-A OUTPUT -j drop-and-log-it
-A drop-and-log-it -j LOG --log-level 6
-A drop-and-log-it -j REJECT --reject-with icmp-port-unreachable
COMMIT
*mangle
:PREROUTING ACCEPT [1665:593487]
:INPUT ACCEPT [176:13335]
:FORWARD ACCEPT [1489:580152]
:OUTPUT ACCEPT [147:16305]
:POSTROUTING ACCEPT [1636:596457]
-A PREROUTING -d 69.17.22.215/32 -i eth1 -p tcp -m multiport --dports
443,444,6881:6889 -j MARK --set-xmark 0x1/0xffffffff
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [467422:31286127]
:POSTROUTING ACCEPT [3083:200516]
:OUTPUT ACCEPT [5572:392319]
-A PREROUTING -d 69.17.22.215/32 -p tcp -m tcp --dport 443 -j DNAT
--to-destination 172.31.1.5:22
-A PREROUTING -d 69.17.22.215/32 -p tcp -m tcp --dport 444 -j DNAT
--to-destination 172.31.1.23:22
-A PREROUTING -d 69.17.22.215/32 -p tcp -m tcp --dport 6881:6889 -j DNAT
--to-destination 172.31.1.5:6881-6889
-A POSTROUTING -o eth1 -j SNAT --to-source 69.17.22.215
COMMIT
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
