Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 18:25:11 Jarry wrote:
 Hi Gentoo-users,
 
 I noticed one thing on my server: during boot-up no message
 about firewall being started is printed on console. I always
 have to check manually if iptables-rules have been loaded.
 Strange thing, when doing shutdown, I see messages I expect:
 
 * Saving iptables state ...  [ ok ]
 * Stopping firewall ...  [ ok ]
 
 I checked also /etc/init.d/iptables and I think it should
 show some messages at start:
 
 start() {
 	checkconfig || return 1
 	# print the "Loading ... state and starting firewall" line
 	ebegin "Loading ${iptables_name} state and starting firewall"
 	# restore the saved ruleset from the save file (stdin redirect)
 	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
 	eend $?
 }
 
 Can someone explain to me why this message is not printed?

Do you have some other script starting your iptables, rather than the vanilla 
/etc/init.d/iptables?

Does '/etc/init.d/iptables status' show that it is running?
-- 
Regards,
Mick




Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Jarry

On 29-Mar-13 19:43, Mick wrote:

On Friday 29 Mar 2013 18:25:11 Jarry wrote:

Hi Gentoo-users,

I noticed one thing on my server: during boot-up no message
about firewall being started is printed on console. I always
have to check manually if iptables-rules have been loaded.
Strange thing, when doing shutdown, I see messages I expect:

* Saving iptables state ...  [ ok ]
* Stopping firewall ...  [ ok ]

I checked also /etc/init.d/iptables and I think it should
show some messages at start:

start() {
	checkconfig || return 1
	# print the "Loading ... state and starting firewall" line
	ebegin "Loading ${iptables_name} state and starting firewall"
	# restore the saved ruleset from the save file (stdin redirect)
	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
	eend $?
}

Can someone explain to me why this message is not printed?


Do you have some other script starting your iptables, rather than the vanilla
/etc/init.d/iptables?


No.


Does '/etc/init.d/iptables status' show that it is running?


* status: started

I recorded screen with my video-camera to be sure I did not miss
some message. But I found no trace about iptables being started...

Jarry
--
___
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
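The manual check Jarry describes (is the saved ruleset really loaded, rather than just "status: started"?) can be scripted. This is an added example, not code from the thread or from Gentoo's init script; it assumes the default save path /var/lib/iptables/rules-save and counters in the dump (SAVE_RESTORE_OPTIONS="-c"), and carries constructed sample dumps so the comparison runs without root.

```shell
#!/bin/sh
# Added example (not from the thread): compare the ruleset live in the kernel
# with what /etc/init.d/iptables should have restored from its save file.
# Save path and "-c" counters follow Gentoo's conf.d defaults (assumption).
IPTABLES_SAVE="${IPTABLES_SAVE:-/var/lib/iptables/rules-save}"

# Drop what legitimately differs between a save file and a live dump: the
# "# Generated/# Completed" timestamp comments and the [pkts:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/ \[[0-9]*:[0-9]*\]$//' -e 's/[[:space:]]*$//' "$1"
}

# rules_match SAVED LIVE: 0 if both dumps describe the same ruleset, else 1.
rules_match() {
    a=$(mktemp) && b=$(mktemp) || return 2
    normalize_rules "$1" >"$a"; normalize_rules "$2" >"$b"
    if cmp -s "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return $rc
}

# Run as root after boot (rc.local, cron, a monitoring check): non-zero exit
# when the kernel's tables do not match the saved rules.
check_firewall_loaded() {
    live=$(mktemp) || return 2
    iptables-save -c >"$live" 2>/dev/null || { rm -f "$live"; return 2; }
    if rules_match "$IPTABLES_SAVE" "$live"; then rc=0; else rc=1; fi
    rm -f "$live"
    [ $rc -eq 0 ] || echo "iptables: live ruleset differs from $IPTABLES_SAVE" >&2
    return $rc
}

# Constructed sample dump (not a real server's rules) in iptables-save -c form.
SAMPLE_SAVED='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [12:960]
[3:180] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# selftest: same rules with changed counters must match; a missing SSH rule
# (what an unstarted firewall would look like) must not. Returns 0 on success.
selftest() {
    d=$(mktemp -d) || return 2
    printf '# Generated by iptables-save\n%s\n# Completed\n' "$SAMPLE_SAVED" >"$d/saved"
    printf '%s\n' "$SAMPLE_SAVED" | sed 's/\[[0-9]*:[0-9]*\]/[99:9999]/' >"$d/ok"
    printf '%s\n' "$SAMPLE_SAVED" | grep -v -- '--dport 22' >"$d/bad"
    if rules_match "$d/saved" "$d/ok" && ! rules_match "$d/saved" "$d/bad"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return $rc
}
```

Note that `/etc/init.d/iptables status` only reports whether OpenRC marked the service as started; this check looks at the tables themselves.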



Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Pandu Poluan
On Mar 30, 2013 1:27 AM, Jarry mr.ja...@gmail.com wrote:

 Hi Gentoo-users,

 I noticed one thing on my server: during boot-up no message
 about firewall being started is printed on console. I always
 have to check manually if iptables-rules have been loaded.
 Strange thing, when doing shutdown, I see messages I expect:

 * Saving iptables state ...  [ ok ]
 * Stopping firewall ...  [ ok ]

Slightly tangential to the subject, but related...

I personally prefer *not* to automatically save iptables rules on shutdown.

That way, if I made some stupid mistake, a reboot restores the system to
the LKGC (Last Known Good Configuration)...

Rgds,
--


Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 19:03:57 Jarry wrote:
 On 29-Mar-13 19:43, Mick wrote:
  On Friday 29 Mar 2013 18:25:11 Jarry wrote:
  Hi Gentoo-users,
  
  I noticed one thing on my server: during boot-up no message
  about firewall being started is printed on console. I always
  have to check manually if iptables-rules have been loaded.
  Strange thing, when doing shutdown, I see messages I expect:
  
  * Saving iptables state ...  [ ok ]
  * Stopping firewall ...  [ ok ]
  
  I checked also /etc/init.d/iptables and I think it should
  show some messages at start:
  
  start() {
  	checkconfig || return 1
  	# print the "Loading ... state and starting firewall" line
  	ebegin "Loading ${iptables_name} state and starting firewall"
  	# restore the saved ruleset from the save file (stdin redirect)
  	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
  	eend $?
  }
  
  Can someone explain to me why this message is not printed?
  
  Do you have some other script starting your iptables, rather than the
  vanilla /etc/init.d/iptables?
 
 No.
 
  Does '/etc/init.d/iptables status' show that it is running?
 
 * status: started
 
 I recorded screen with my video-camera to be sure I did not miss
 some message. But I found no trace about iptables being started...

I have not set rc_logger in /etc/conf.d/iptables to know if it would make a 
difference and can confirm that I can clearly see it on my boxen at boot time:

  * Loading iptables state and starting firewall ...[ ok ]


Another thing to check is that it is in the default level:

$ eselect rc list | grep iptables
  iptables  default

I'm not sure if it would show up, or the message be suppressed if you add it 
to the boot level.

-- 
Regards,
Mick




Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 19:34:39 Mick wrote:
 On Friday 29 Mar 2013 19:03:57 Jarry wrote:
  On 29-Mar-13 19:43, Mick wrote:
   On Friday 29 Mar 2013 18:25:11 Jarry wrote:
   Hi Gentoo-users,
   
   I noticed one thing on my server: during boot-up no message
   about firewall being started is printed on console. I always
   have to check manually if iptables-rules have been loaded.
   Strange thing, when doing shutdown, I see messages I expect:
   
   * Saving iptables state ...  [ ok ]
   * Stopping firewall ...  [ ok ]
   
   I checked also /etc/init.d/iptables and I think it should
   show some messages at start:
   
   start() {
   	checkconfig || return 1
   	# print the "Loading ... state and starting firewall" line
   	ebegin "Loading ${iptables_name} state and starting firewall"
   	# restore the saved ruleset from the save file (stdin redirect)
   	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
   	eend $?
   }
   
   Can someone explain to me why this message is not printed?
   
   Do you have some other script starting your iptables, rather than the
   vanilla /etc/init.d/iptables?
  
  No.
  
   Does '/etc/init.d/iptables status' show that it is running?
  
  * status: started
  
  I recorded screen with my video-camera to be sure I did not miss
  some message. But I found no trace about iptables being started...
 
 I have not set rc_logger in /etc/conf.d/iptables to know if it would make a
 difference and can confirm that I can clearly see it on my boxen at boot
 time:
 
   * Loading iptables state and starting firewall ...  [ ok ]
 
 
 Another thing to check is that it is in the default level:
 
 $ eselect rc list | grep iptables
    iptables  default
 
 I'm not sure if it would show up, or the message be suppressed if you add
 it to the boot level.

Just tested this - it does not suppress it in my machine if I set it to boot 
level.  Which makes me think ...

Why do wikis and the like suggest that iptables should be in default rather 
than boot runlevel?
-- 
Regards,
Mick




Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Neil Bothwick
On Fri, 29 Mar 2013 19:44:14 +0000, Mick wrote:

 Why do wikis and the like suggest that iptables should be in default
 rather than boot runlevel?

Why not? There's no need to start it especially early, as long as it is
running before the network comes up, and the init script takes care of
that.


-- 
Neil Bothwick

Vuja De: the feeling that you've never been here before.




Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 20:37:20 Neil Bothwick wrote:
 On Fri, 29 Mar 2013 19:44:14 +0000, Mick wrote:
  Why do wikis and the like suggest that iptables should be in default
  rather than boot runlevel?
 
 Why not? There's no need to start it especially early, as long as it is
 running before the network comes up, and the init script takes care of
 that.

I haven't seen anything in net.lo that waits for iptables and I seem to recall 
that the network interfaces are started before iptables is run, unless I start 
iptables at boot level.
-- 
Regards,
Mick




Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Neil Bothwick
On Fri, 29 Mar 2013 23:29:39 +0000, Mick wrote:

   Why do wikis and the like suggest that iptables should be in default
   rather than boot runlevel?  
  
  Why not? There's no need to start it especially early, as long as it
  is running before the network comes up, and the init script takes
  care of that.  
 
 I haven't seen anything in net.lo that waits for iptables and I seem to
 recall that the network interfaces are started before iptables is run,
 unless I start iptables at boot level.

The iptables init script contains before net.


-- 
Neil Bothwick

Advanced: (adj.) doesn't work yet, but it's pretty close. See: bug,
glitch.

