Re: [gentoo-user] iptables (not) started?

Fri, 29 Mar 2013 12:44:46 -0700 

On Friday 29 Mar 2013 19:34:39 Mick wrote:
> On Friday 29 Mar 2013 19:03:57 Jarry wrote:
> > On 29-Mar-13 19:43, Mick wrote:
> > > On Friday 29 Mar 2013 18:25:11 Jarry wrote:
> > >> Hi Gentoo-users,
> > >> 
> > >> I noticed one thing on my server: during boot-up no message
> > >> about firewall being started is printed on console. I always
> > >> have to check manually if iptables-rules have been loaded.
> > >> Strange thing, when doing shutdown, I see messages I expect:
> > >> 
> > >> * Saving iptables state ...                  [ ok ]
> > >> * Stopping firewall ...                      [ ok ]
> > >> 
> > >> I checked also /etc/init.d/iptables and I think it should
> > >> show some messages at start:
> > >> 
> > >> start() {
> > >> checkconfig || return 1
> > >> ebegin "Loading ${iptables_name} state and starting firewall"
> > >> ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
> > >> eend $?
> > >> }
> > >> 
> > >> Can someone explain to me why this message is not printed?
> > > 
> > > Do you have some other script starting your iptables, rather than the
> > > vanilla /etc/init.d/iptables?
> > 
> > No.
> > 
> > > Does '/etc/init.d/iptables status' show that it is running?
> > 
> > * status: started
> > 
> > I recorded screen with my video-camera to be sure I did not miss
> > some message. But I found no trace about iptables being started...
> 
> I have not set rc_logger in /etc/conf.d/iptables to know if it would make a
> difference and can confirm that I can clearly see it on my boxen at boot
> time:
> 
>   * Loading iptables state and starting firewall ...                  [ ok ]
> 
> 
> Another thing to check is that it is in the default level:
> 
> $ eselect rc list | grep iptables
>   iptables                    default
> 
> I'm not sure if it would show up, or the message be suppressed if you add
> it to the boot level.

Just tested this - it does not suppress it in my machine if I set it to boot 
level.  Which makes me think ...

Why do wikis and the like suggest that iptables should be in default rather 
than boot runlevel?
-- 
Regards,
Mick

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to