From: "David Leangen" <dleangen@canada.com>
To: netfilter@lists.netfilter.org
Subject: RE: /etc/sysconfig/iptables does not load on reboot
Date: Mon, 4 Jul 2005 20:13:25 +0900
Message-ID: <NEBBKBPLMLNABNADCIPACEGEBDAB.dleangen@canada.com>
In-Reply-To: <NEBBKBPLMLNABNADCIPAGEDABDAB.dleangen@canada.com>
Hello!
> > RH/FC and such like to hide information from the user. You can add
> > some shell code to your startup scripts which redirect more verbose
> > output to files. In this case maybe some echo commands to show
> > which file is being fed to iptables-restore.
Well, I did a little more digging. Although I see more and more what's going
on, I'm understanding less and less.
I have two machines on which I freshly installed FC3, in exactly the
same way, with minimal packages. Since I installed FC3 exactly the same way,
it should behave the same way on both systems, right? Well, not so. That's
the first point I do not understand.
On one machine ("goodhost"), everything works exactly as expected.
On the misbehaving machine ("badhost"), however, I noticed that, contrary to
what I mentioned in my previous posts, /etc/sysconfig/iptables does indeed
appear to get loaded at system startup.
However, IT DOES NOT GET LOADED THE SAME WAY!!
Why is that? Why would the same file not get loaded the same way on startup
as it does when running iptables-restore afterward? And why does it work on
one machine, but not on another with the same installation? I've tried on a
few different firewall rules files, and the same thing always seems to
happen. I even tried with the default RedHat firewall rules. The diff of
'iptables -L' between the two (firewall loaded at startup vs. firewall loaded
afterward with iptables-restore) is below.
Any ideas about this very strange situation? Any help would be most
appreciated!
< RH-Firewall-1-INPUT all -- anywhere anywhere
---
> DROP tcp -- anywhere anywhere tcp
dpts:0:1023
> DROP udp -- anywhere anywhere udp
dpts:0:1023
> DROP tcp -- anywhere anywhere tcp
flags:SYN,RST,ACK/SYN
> DROP icmp -- anywhere anywhere icmp
echo-request
5c8
< Chain FORWARD (policy ACCEPT)
---
> Chain FORWARD (policy DROP)
7d9
< RH-Firewall-1-INPUT all -- anywhere anywhere
12c14
< Chain RH-Firewall-1-INPUT (2 references)
---
> Chain RH-Firewall-1-INPUT (0 references)
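
Added example (not part of the original message or the thread): a chain-level comparison of two `iptables-save` dumps, which reduces the kind of difference shown in the listing above (chain policy, number of references to a chain) to one line per chain. The function names, file names and sample dumps are constructed for illustration, and the dumps are assumed to be taken without `-c`.

```shell
#!/bin/sh
# Summarise an iptables-save dump as one line per chain:
#   <table> <chain> policy=<policy> refs=<jumps to it> rules=<rules in it>
# Assumes no leading [pkts:bytes] counters on rule lines (no -c).
summarize_ruleset() {
    awk '
        /^#/ || /^COMMIT/ || /^$/ { next }          # comments, COMMIT, blanks
        /^\*/ { table = substr($0, 2); next }       # "*filter" starts a table
        /^:/  {                                     # ":CHAIN POLICY [pkts:bytes]"
            key = table " " substr($1, 2)
            policy[key] = $2; order[++n] = key; next
        }
        $1 == "-A" {                                # "-A CHAIN ... -j TARGET"
            rules[table " " $2]++
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") refs[table " " $(i + 1)]++
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                printf "%s policy=%s refs=%d rules=%d\n", k, policy[k], refs[k], rules[k]
            }
        }' "$1"
}

# Print chain-level differences between two dumps; exit status as diff(1).
compare_rulesets() {
    a=$(mktemp) && b=$(mktemp) || return 2
    summarize_ruleset "$1" > "$a"; summarize_ruleset "$2" > "$b"
    rc=0; diff "$a" "$b" || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample dumps (not taken from the original post).
write_samples() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A INPUT -j RH-Firewall-1-INPUT' '-A FORWARD -j RH-Firewall-1-INPUT' \
        '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' 'COMMIT' > "$1/boot.rules"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 0:1023 -j DROP' \
        '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' 'COMMIT' > "$1/restored.rules"
}

# Demo on the constructed samples.
d=$(mktemp -d) && write_samples "$d"
compare_rulesets "$d/boot.rules" "$d/restored.rules" || true
rm -rf "$d"
```

On a live host the two inputs would be `iptables-save` output captured right after boot and again after running `iptables-restore` on the rules file.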