| 1 |
On Friday 29 Mar 2013 19:34:39 Mick wrote: |
| 2 |
> On Friday 29 Mar 2013 19:03:57 Jarry wrote: |
| 3 |
> > On 29-Mar-13 19:43, Mick wrote: |
| 4 |
> > > On Friday 29 Mar 2013 18:25:11 Jarry wrote: |
| 5 |
> > >> Hi Gentoo-users, |
| 6 |
> > >> |
| 7 |
> > >> I noticed one thing on my server: during boot-up no message |
| 8 |
> > >> about firewall being started is printed on console. I always |
| 9 |
> > >> have to check manually if iptables-rules have been loaded. |
| 10 |
> > >> Strange thing, when doing shutdown, I see messages I expect: |
| 11 |
> > >> |
| 12 |
> > >> * Saving iptables state ... [ ok ] |
| 13 |
> > >> * Stopping firewall ... [ ok ] |
| 14 |
> > >> |
| 15 |
> > >> I checked also /etc/init.d/iptables and I think it should |
| 16 |
> > >> show some messages at start: |
| 17 |
> > >> |
| 18 |
> > >> start() { |
| 19 |
> > >> checkconfig || return 1 |
| 20 |
> > >> ebegin "Loading ${iptables_name} state and starting firewall" |
| 21 |
> > >> ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" |
| 22 |
> > >> eend $? |
| 23 |
> > >> } |
| 24 |
> > >> |
| 25 |
> > >> Can someone explain to me why this message is not printed? |
| 26 |
> > > |
| 27 |
> > > Do you have some other script starting your iptables, rather than the |
| 28 |
> > > vanilla /etc/init.d/iptables? |
| 29 |
> > |
| 30 |
> > No. |
| 31 |
> > |
| 32 |
> > > Does '/etc/init.d/iptables status' show that it is running? |
| 33 |
> > |
| 34 |
> > * status: started |
| 35 |
> > |
| 36 |
> > I recorded screen with my video-camera to be sure I did not miss |
| 37 |
> > some message. But I found no trace about iptables being started... |
| 38 |
> |
| 39 |
> I have not set rc_logger in /etc/conf.d/iptables to know if it would make a |
| 40 |
> difference and can confirm that I can clearly see it on my boxen at boot |
| 41 |
> time: |
| 42 |
> |
| 43 |
> * Loading iptables state and starting firewall ... [ ok ] |
| 44 |
> |
| 45 |
> |
| 46 |
> Another thing to check is that it is in the default level: |
| 47 |
> |
| 48 |
> $ eselect rc list | grep iptables |
| 49 |
> iptables default |
| 50 |
> |
| 51 |
> I'm not sure if it would show up, or the message be suppressed if you add |
| 52 |
> it to the boot level. |
| 53 |
|
| 54 |
Just tested this - it does not suppress it in my machine if I set it to boot |
| 55 |
level. Which makes me think ... |
| 56 |
|
| 57 |
Why do wikis and the like suggest that iptables should be in default rather |
| 58 |
than boot runlevel? |
| 59 |
-- |
| 60 |
Regards, |
| 61 |
Mick |
Archives