On 8/4/2014 7:28 AM, Tom Eastep wrote:
> On 8/4/2014 1:17 AM, Niall O Broin wrote:
>
>>
>> When I moved the shorewall start script to run level 2, behaviour is as expected and desired.
>>
>> Capturing the output of iptables -L in both cases, I found the following extra rules when shorewall started in run level S
>>
>> Chain INPUT (policy DROP)
>> target  prot opt source          destination
>> ACCEPT  udp  --  anywhere        anywhere        udp dpt:domain
>> ACCEPT  tcp  --  anywhere        anywhere        tcp dpt:domain
>> ACCEPT  udp  --  anywhere        anywhere        udp dpt:bootps
>> ACCEPT  tcp  --  anywhere        anywhere        tcp dpt:bootps
>>
>> Chain FORWARD (policy DROP)
>> target  prot opt source          destination
>> ACCEPT  all  --  anywhere        192.168.1.0/24  state RELATED,ESTABLISHED
>> ACCEPT  all  --  192.168.1.0/24  anywhere
>> ACCEPT  all  --  anywhere        anywhere
>> REJECT  all  --  anywhere        anywhere        reject-with icmp-port-unreachable
>> REJECT  all  --  anywhere        anywhere        reject-with icmp-port-unreachable
>>
>> As the VMs run with 192.168.1.0/24 addresses these rules in FORWARD
>> are less than helpful. Any ideas as to why they are appearing there
>> when run in run level S but not when run in run level 2?
>
> First of all, the output of the raw 'iptables -L' command is almost
> useless. You should use 'iptables -L -nv' or 'shorewall show'.
>
> As to why the rules are there, I suspect that you have another iptables
> configuration tool on that system and that it is started after Shorewall
> does when Shorewall is configured to run in level S.
>

The other possibility is that Shorewall is failing to start at runlevel S and that those are the 'routestopped' (a.k.a. 'stoppedrules' in later versions) rules. If you have configured an INITLOG, it might give you a clue.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
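
Added example, not part of the original message or of Shorewall: a listing without -v omits the in/out interface columns, so rules that differ only by interface print identically, as the two REJECT lines in the quoted FORWARD chain do. The sketch below parses `iptables -L -nv` output and reports such rules; the sample listing and the interface name br0 are constructed for illustration, and every rule row is assumed to have a target.

```python
from collections import defaultdict

# Constructed sample of `iptables -L -nv` output; interface name br0 is hypothetical.
SAMPLE_NV = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      br0     0.0.0.0/0            192.168.1.0/24       state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  br0    *       192.168.1.0/24       0.0.0.0/0
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      br0     0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
"""


def parse_rules(text):
    """Yield (chain, (in_if, out_if), plain_view) for each rule row."""
    chain = None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "pkts":
            continue  # blank line or column header
        if fields[0] == "Chain":
            chain = fields[1]
        elif len(fields) >= 9:
            target, prot, opt, in_if, out_if, src, dst = fields[2:9]
            # The columns a listing without -v still prints.
            plain_view = (target, prot, opt, src, dst, " ".join(fields[9:]))
            yield chain, (in_if, out_if), plain_view


def indistinguishable(text):
    """Rules that print identically without -v yet match different interfaces."""
    groups = defaultdict(set)
    for chain, ifaces, plain_view in parse_rules(text):
        groups[(chain, plain_view)].add(ifaces)
    return {key: sorted(v) for key, v in groups.items() if len(v) > 1}


def interface_scoped_catch_alls(text):
    """Rules that look like 'all, anywhere to anywhere' but are tied to an interface."""
    catch_all = ("all", "--", "0.0.0.0/0", "0.0.0.0/0", "")
    return [(chain, ifaces, view[0])
            for chain, ifaces, view in parse_rules(text)
            if view[1:] == catch_all and ifaces != ("*", "*")]


if __name__ == "__main__":
    for (chain, view), ifaces in indistinguishable(SAMPLE_NV).items():
        print(chain, " ".join(view), "-> in/out:", ifaces)
    for chain, ifaces, target in interface_scoped_catch_alls(SAMPLE_NV):
        print(chain, target, "matches only in/out", ifaces)
```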
