Re: iptables



You haven't mentioned the kernel version.  I've had loads of problems
with the 2.4.x series after 2.4.3.  (I have been telling my clients to
stick with 2.2 for the time being unless, like me, they are using
multi-proc boards.)

So, let's start with which kernel.

On Tue, Dec 04, 2001 at 10:29:50AM +1100, Brian May wrote:
> Hello,
> 
> I have a problem with iptables which in turn is causing lots of hair
> loss...
> 
> 
> On my computer, I have iptables configured in /etc/network/interfaces
> using the "up" and "down" scripts.
> 
> I also do similar things for isdn (in /etc/isdn/device.ippp0) and PPP
> in (/etc/ppp/ip-*.d/firewall).
> 
> So when the adaptor is configured, the firewall rules are configured
> and when the adaptor is deconfigured, the firewall rules are removed.
> 
> As part of the configuration process, the default policy is set to
> DROP all packets, and acceptable packets are specifically allowed.
> 
> This all used to work fine.
> 
> Now, something has changed and it no longer works. During boot I get
> no errors. After the computer boots, there are no firewall rules, and
> the default policy for {INPUT,OUTPUT,FORWARD} is ACCEPT.
> 
> (If a PPP link is established, then the default policy gets changed to
> "DROP" with serious results, as packets to lo interface are all
> dropped :-( )
> 
> If I type in "ifdown eth0" immediately after boot, I get errors that
> the iptables entries do not exist. This implies that the interfaces
> are being correctly configured at boot. If I type in "ifup eth0" then
> it is configured exactly as I would expect with no problems.
> 
> 
> 
> I can only presume that either:
> 
> a) calls to iptables in early boot are ignored. Seems unlikely...
> 
> or
> 
> b) after the iptables are initially configured, another part of the
> boot process automatically de-configures it again. However, I can't
> see where.
> 
> Just to prove b) wrong, I tried:
> 
> snoopy:unstable:~# grep iptables /etc/init.d/* /etc/isdn/*
> 
> but get no matches (the script that configures iptables is in
> /usr/local/sbin).
> 
> 
> Any ideas?
> 
> Thanks in advance.
> -- 
> Brian May <bam@debian.org>

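The two states described in the quoted message (built-in chains left at policy ACCEPT with no rules after boot, and policy DROP with loopback traffic dropped once a PPP link comes up) can be told apart from `iptables-save` output. The following is an added example, not part of the original thread; the function name `audit_ruleset` and the three sample dumps are constructed for illustration.

```shell
# Added example (not from the thread): audit iptables-save text read on stdin.
audit_ruleset() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*filter" opens a table
    table != "filter" { next }
    /^:/ { chain = substr($1, 2); policy[chain] = $2; rules[chain] = 0 }
    $1 == "-A" {
        chain = $2; rules[chain]++
        flag = (chain == "INPUT") ? "-i" : "-o"   # interface match to look for
        lo = 0; acc = 0
        for (i = 3; i < NF; i++) {
            if ($i == flag && $(i+1) == "lo" && $(i-1) != "!") lo = 1
            if ($i == "-j" && $(i+1) == "ACCEPT") acc = 1
        }
        if (lo && acc) loopback[chain] = 1
    }
    END {
        n = split("INPUT OUTPUT FORWARD", c, " ")
        for (k = 1; k <= n; k++) {
            ch = c[k]
            if (!(ch in policy)) continue
            if (policy[ch] == "ACCEPT" && rules[ch] == 0)
                print ch ": policy ACCEPT, no rules (firewall not loaded)"
            else if (policy[ch] == "DROP" && ch != "FORWARD" && !(ch in loopback))
                print ch ": policy DROP, no loopback ACCEPT (local traffic dropped)"
        }
    }'
}

# Constructed sample: the state reported right after boot.
sample_after_boot() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# Constructed sample: policies set to DROP by a PPP hook, lo not exempted.
sample_after_ppp() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A OUTPUT -o ppp0 -j ACCEPT' \
        '-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT' 'COMMIT'
}

# Constructed sample: the same policies with the loopback exemption in place.
sample_fixed() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' '-A OUTPUT -o ppp0 -j ACCEPT' 'COMMIT'
}
```

With the function defined in the current shell, `iptables-save | audit_ruleset` run as root audits the live ruleset. A loopback exemption reached only through a jump to a user-defined chain is not detected by this check.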