On Thu, 2007-01-18 at 12:11 +0100, Daniel Pielmeier wrote:
> the way i have applied my rules is as follows
>
> first i load them with my generated script
> then i invoke /etc/init.d/iptables save
> and to be sure i do an /etc/init.d/iptables restart
> iptables -L, iptables -L -t nat, iptables -L -t mangle show me my new rules
> when i look in /var/lib/iptables/rules-save i also see my new rules
> when i issue /etc/init.d/net.eth1 restart iptables -L, iptables -L -t
> nat, iptables -L -t mangle show me the old rules from shorewall

hmm, shorewall must have done something that's more persistent. Have a look at /etc/runlevels, and make sure there is no shorewall stuff left in there.

Also look in /etc/conf.d/net* and make sure there are no postup functions lying around.

And make sure /etc/init.d/net.eth1 is a symlink to /etc/init.d/net.lo, and then make sure net.lo hasn't been "modified" by shorewall. You could do an `emerge --noconfmem baselayout` to make extra sure. **Read the man page first.

Is there a /etc/shorewall directory? Perhaps someone who has it installed could do `equery files shorewall` so you could check that it really is deleted.

Well, these ideas are really stabbing in the dark, but you gotta start somewhere!

HTH,
--
Iain Buchanan <iaindb at netspace dot net dot au>

Workers of the world, arise! You have nothing to lose but your chairs.
--
gentoo-user@gentoo.org mailing list
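The checks suggested in the reply above, gathered into one read-only script. This is an added example, not part of the original message; the function name, the optional root-prefix and interface arguments, and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Read-only audit of the locations named in the reply. Prints one line per
# finding and always returns 0, so a caller can simply count the lines.
# Assumptions: $1 is an optional root prefix (empty = live system) and
# $2 the interface name (default eth1); both are illustrative parameters.
audit_leftovers() {
    root="${1:-}"
    iface="${2:-eth1}"
    initd="$root/etc/init.d"

    # 1. Runlevel entries that still reference shorewall
    if [ -d "$root/etc/runlevels" ]; then
        find "$root/etc/runlevels" -name '*shorewall*' | sed 's/^/runlevel: /'
    fi

    # 2. postup() definitions in /etc/conf.d/net*, which run after the
    #    interface comes up and could reload old firewall rules
    for f in "$root"/etc/conf.d/net*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*(function[[:space:]]+)?postup[[:space:]]*\(' "$f"; then
            echo "postup: $f"
        fi
    done

    # 3. net.<iface> should be a symlink to net.lo
    if [ ! -L "$initd/net.$iface" ]; then
        echo "symlink: net.$iface is not a symlink"
    elif [ "$(basename "$(readlink "$initd/net.$iface")")" != "net.lo" ]; then
        echo "symlink: net.$iface points to $(readlink "$initd/net.$iface")"
    fi

    # 4. net.lo itself should not mention shorewall
    if [ -f "$initd/net.lo" ] && grep -q shorewall "$initd/net.lo"; then
        echo "modified: $initd/net.lo mentions shorewall"
    fi

    # 5. Leftover configuration directory
    if [ -d "$root/etc/shorewall" ]; then
        echo "confdir: $root/etc/shorewall still exists"
    fi
    return 0
}

# "--run" is this script's own (hypothetical) switch: audit only on request.
if [ "${1:-}" = "--run" ]; then shift; audit_leftovers "$@"; fi
```

No output means none of the suggested locations shows a trace of shorewall; each printed line names the location to inspect by hand.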