Re: [lxc-users] iptables-save not working in unprivileged containers?
> From: Tomasz Chmielewski [mailto:man...@wpkg.org]
>
> On 2015-11-10 01:22, Fiedler Roman wrote:
>
> >> # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >
> > Yes, also here.
> >
> > Compare
> >
> > iptables-save
> >
> > with
> >
> > iptables-save -t filter
> >
> > The latter should work. I think that some special tables cannot be read in
> > unpriv (mangle perhaps).
>
> It seems to behave just like "iptables-save" executed by non-root user
> (in non-container).

Not on this side:

* Normal user:

$ iptables-save -t filter
iptables-save v1.4.21: Cannot initialize: Permission denied (you must be root)

* As root in unpriv container:

# iptables-save -t filter
# Generated by iptables-save v1.4.21 on Mon Nov 9 16:55:27 2015
*filter
:INPUT DROP [0:0]

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
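The `iptables-save -t filter` workaround from this message, generalised to several tables, as an added example that is not part of the original posts: it dumps each table explicitly and names the ones that could not be read. The table list and the `IPTABLES_SAVE` override variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: dump iptables rules table by table.
# Assumptions: the table list below, and the IPTABLES_SAVE override variable
# (hypothetical, used so the dump command can be swapped out).
TABLES="filter nat mangle raw security"

# save_per_table [TABLE-LIST]
# Prints every readable table to stdout in iptables-save format and names
# the unreadable ones on stderr. Returns 0 if at least one table was dumped.
save_per_table() {
    tables="${1:-$TABLES}"
    cmd="${IPTABLES_SAVE:-iptables-save}"
    dumped=0
    skipped=""
    for t in $tables; do
        # A table counts as readable only if the command succeeds AND prints
        # something: the plain "iptables-save" in the thread printed nothing.
        if out=$("$cmd" -t "$t" 2>/dev/null) && [ -n "$out" ]; then
            printf '%s\n' "$out"
            dumped=$((dumped + 1))
        else
            skipped="$skipped $t"
        fi
    done
    if [ -n "$skipped" ]; then
        echo "save_per_table: could not read:$skipped" >&2
    fi
    [ "$dumped" -gt 0 ]
}

# Usage (as root inside the container): save_per_table > rules.dump
```

Because the skipped tables go to stderr, stdout contains only the per-table dumps, which is the same layout a full `iptables-save` produces.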
Re: [lxc-users] iptables-save not working in unprivileged containers?
> From: lxc-users [mailto:lxc-users-boun...@lists.linuxcontainers.org] On behalf of
>
> For some reason, iptables-save does not seem to be working in
> unprivileged containers.
>
> To reproduce:
>
> - this adds a sample iptables rule:
>
> # iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Yes, also here.

Compare

iptables-save

with

iptables-save -t filter

The latter should work. I think that some special tables cannot be read in unpriv (mangle perhaps).

> [Snip]

Regards, R
[lxc-users] iptables-save not working in unprivileged containers?
For some reason, iptables-save does not seem to be working in unprivileged containers.

To reproduce:

- this adds a sample iptables rule:

# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

- this lists the rule:

# iptables -L -v -n
Chain INPUT (policy ACCEPT 13166 packets, 5194K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 12620 packets, 656K bytes)
 pkts bytes target     prot opt in     out     source               destination

- this is supposed to dump iptables rules to stdout - but it doesn't:

# iptables-save
#

Any idea how to make "iptables-save" work in unprivileged lxc containers?

Tomasz Chmielewski
http://wpkg.org
Re: [lxc-users] iptables-save not working in unprivileged containers?
On 2015-11-10 01:22, Fiedler Roman wrote:

>> # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>
> Yes, also here.
>
> Compare
>
> iptables-save
>
> with
>
> iptables-save -t filter
>
> The latter should work. I think that some special tables cannot be read in
> unpriv (mangle perhaps).

It seems to behave just like "iptables-save" executed by non-root user (in non-container).

Tomasz Chmielewski
http://wpkg.org