From: /dev/rob0 <rob0@gmx.co.uk>
To: NetFilter <netfilter@lists.netfilter.org>
Subject: Re: /etc/sysconfig/iptables does not load on reboot
Date: Mon, 4 Jul 2005 09:37:25 -0500 [thread overview]
Message-ID: <200507040937.25404.rob0@gmx.co.uk> (raw)
In-Reply-To: <NEBBKBPLMLNABNADCIPAAEGKBDAB.dleangen@canada.com>
On Monday 04 July 2005 09:17, David Leangen wrote:
> Thanks for all the helpful hints!
>
> > Same kernel?
>
> goodhost=2.6.9-1.667smp
> badhost=2.6.9-1.667
>
> Not sure what the "smp" is.
Probably "symmetric multi-processor", a kernel enabled for multiple
CPU's. It could be that you have found a Fedora bug.
> I will try loading on badhost the version with the same kernel on
> goodhost and see if that fixes the problem.
If badhost only has one CPU it's wasteful to have SMP support, but as
implied above, it could be a kernel configuration bug relating to the
non-SMP kernel.
> Now that you've helped me to realise that I'm not using the same
> kernel, I'll try that first, and if the problem persits go on to all
> your other helpful suggestions. My only problem is that I won't have
I'm sticking to my guess. The rules which did not load (if I read it
correctly from the diff) all used --protocol extensions.
I know little of netfilter / iptables internals. I don't know where
those extensions load from ... [WHAM] ouch, I was just hit by an
inspiration.
Firewall loads before mount -a; probably at that point only the root
filesystem is mounted. If the match extensions are on /usr, we can't
get to them. I bet badhost has a separate /usr partition and goodhost
has /usr on the rootfs.
If so, yes, this is an OS bug. And don't just write set to a file, do
"mount > /root/firewall-mounted-fs" too. (I hope /root isn't a symlink
or otherwise on a different FS.)
> Mother's maiden name: Ima Galible
:)
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
next prev parent reply other threads:[~2005-07-04 14:37 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.NEB.4.62.0507020637440.20364@ukato.freeshell.org>
2005-07-02 6:43 ` /etc/sysconfig/iptables does not load on reboot David Leangen
2005-07-02 7:35 ` tahmeed
2005-07-02 7:53 ` David Leangen
2005-07-02 8:35 ` Navneet Choudhary
2005-07-02 8:49 ` David Leangen
2005-07-02 8:39 ` /dev/rob0
2005-07-02 8:49 ` David Leangen
2005-07-04 11:13 ` David Leangen
2005-07-04 13:39 ` /dev/rob0
2005-07-04 14:17 ` David Leangen
2005-07-04 14:37 ` /dev/rob0 [this message]
2005-07-04 14:54 ` David Leangen
2005-07-09 16:20 ` David Leangen
2005-07-10 2:40 ` curby .
2005-07-10 10:06 ` David Leangen
[not found] <Pine.NEB.4.62.0507020558110.8849@ukato.freeshell.org>
2005-07-02 6:32 ` David Leangen
2005-07-02 2:53 David Leangen
2005-07-02 5:44 ` tahmeed
2005-07-02 5:49 ` David Leangen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200507040937.25404.rob0@gmx.co.uk \
--to=rob0@gmx.co.uk \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.