Re: OT: netfilter inquiry

To: Debian Userlist <debian-user@lists.debian.org>
Subject: Re: OT: netfilter inquiry
From: Peter Palmreuther <lists@pitpalme.de>
Date: Tue, 2 Oct 2001 18:29:36 +0200
Message-id: <[🔎] 18629212905.20011002182936@pitpalme.de>
Reply-to: Debian Userlist <debian-user@lists.debian.org>
In-reply-to: <20010929134933.A610@amnesiac>
References: <20010926101022.A242@amnesiac> <20010925202743.022ef248.debian@to11.net> <20010926144154.B356@amnesiac> <479387168.20010926125338@pitpalme.de> <20010929134933.A610@amnesiac>

Hello Rino,

On Saturday, September 29, 2001 at 7:49:33 AM, 
you wrote (at least in part):

RM> hey peter.  lsmod always gives this:

RM> ipt_LOG                 3056   1  (autoclean)
RM> iptable_filter          1696   0  (autoclean) (unused)
RM> ip_tables              10400   2  [ipt_LOG iptable_filter]

RM> so i remarked the nat line and i'm still getting the message.  i think i
RM> may have overlooked one thing -- it only comes during boot time.  so i
RM> remarked the "$IPT -F" line and the message disappeared.

I don't know if this is a really good idea. I'd rather test and try to break
it down to the _real_ problem.
Flushing the tables as 'iptables -F' does will be important one day you do not
further think about you've deleted the line :-)
I can't test at the moment as I don't want to reboot my Gateway.
What iptables-modules are loaded at boot time when this message appears?
If you can't break it down I'd rather live with this _one time_ message
instead of missing the flush function ... But this is only me :-)

I had a closer look in your script.
Try this lines
---
#Flush old rules, delete the firewall chain if it exists
$IPT -F
#$IPT -F -t nat
#$IPT -X firewall
---
I've overseen the line with 'firewall' in my first reply, this one could be
the culprit beside 'nat' too as it tells 'iptables' to delete a table that may
not exist.
As I said, I'd in every case keep the '-F' line without a table name as it
flushes the default tables.
Not flushing them could lead to a malfunction if your script _adds_ rules
because not flushing would keep the old rules so maybe some of your new rules
never would be hit :-)

RM> about that info line i set it to level 1 without knowing if it's the
RM> equivalent of "info".  either i downgrade or wait for a patch as i can't
RM> find the equivalent numerical value of "info".

INFO should be '6', you may want to have a look into

/usr/include/sys/syslog.h

What else could help is setting the level to 'INFO' rather than 'info' ...
IIRC I've read something similar some time ago that lower case levels aren't
recognized properly. Would you mind giving it a try and re-report in?

HTH
-- 
Best regards
 Peter

Reply to:

Follow-Ups:
- Re: OT: netfilter inquiry
  - From: Rino Mardo <rmardo@yahoo.com>

Prev by Date: Re: fetchmail error
Next by Date: Re: network
Previous by thread: Re: Setting up a bunch of boxen at a small school.
Next by thread: Re: OT: netfilter inquiry
Index(es):
- Date
- Thread