


I have a problem with iptables which in turn is causing lots of hair

On my computer, I have iptables configured in /etc/network/interfaces
using the "up" and "down" scripts.

I also do similar things for isdn (in /etc/isdn/device.ippp0) and PPP
(in /etc/ppp/ip-*.d/firewall).

So when the adaptor is configured, the firewall rules are configured
and when the adaptor is deconfigured, the firewall rules are removed.

As part of the configuration process, the default policy is set to
DROP all packets, and acceptable packets are specifically allowed.

This all used to work fine.

Now, something has changed and it no longer works. During boot I get
no errors. After the computer boots, there are no firewall rules, and
the default policy for {INPUT,OUTPUT,FORWARD} is ACCEPT.

(If a PPP link is established, then the default policy gets changed to
"DROP" with serious results, as packets to lo interface are all
dropped :-( )

If I type in "ifdown eth0" immediately after boot, I get errors that
the iptables entries do not exist. This implies that the interfaces
are being correctly configured at boot. If I type in "ifup eth0" then
it is configured exactly as I would expect with no problems.

I can only presume that either:

a) calls to iptables in early boot are ignored. Seems unlikely...


b) after the iptables are initially configured, another part of the
boot process automatically de-configures it again. However, I can't
see where.

Just to prove b) wrong, I tried:

snoopy:unstable:~# grep iptables /etc/init.d/* /etc/isdn/*

but get no matches (the script that configures iptables is is

Any ideas?

Thanks in advance.
Brian May <bam@debian.org>
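
The two states described in the message above (ACCEPT policies with no rules after boot, and a DROP policy that also drops loopback traffic once PPP comes up) can be checked for mechanically. The following is an added example, not part of the original post: the function and sample names are hypothetical, the sample dumps are constructed, and the input is assumed to be in `iptables-save` format.

```shell
#!/bin/sh
# Added example: audit the filter table of an iptables-save style dump read on stdin.
# Prints one finding per line; prints nothing when neither state is present.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2) }             # "*filter" starts a table
        table != "filter" { next }
        /^:/ {                                       # ":INPUT DROP [0:0]" is a chain policy
            chain = substr($1, 2)
            if ($2 != "-") { policy[chain] = $2; order[++n] = chain }  # "-" marks user chains
            next
        }
        $1 == "-A" {
            rules[$2]++
            lo = 0; acc = 0                          # look for "-i lo" / "-o lo" with "-j ACCEPT"
            for (i = 3; i < NF; i++) {
                if (($i == "-i" || $i == "-o") && $(i+1) == "lo") lo = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") acc = 1
            }
            if (lo && acc) lo_ok[$2] = 1
        }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]
                if (policy[c] == "ACCEPT" && rules[c] == 0)
                    print c ": policy ACCEPT and no rules (firewall not loaded)"
                if (policy[c] == "DROP" && c != "FORWARD" && !lo_ok[c])
                    print c ": policy DROP without a loopback ACCEPT rule"
            }
        }
    '
}
# Constructed sample: ruleset as described right after boot.
sample_after_boot() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}
# Constructed sample: only a PPP hook has run (its rules are assumed for illustration).
sample_after_ppp() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]' \
        '-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A OUTPUT -o ppp0 -j ACCEPT' 'COMMIT'
}
echo "after boot:";   sample_after_boot | audit_ruleset
echo "after PPP up:"; sample_after_ppp  | audit_ruleset
```

On a live system the same function can be fed with `iptables-save | audit_ruleset`, run as root.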
