Linux Netfilter discussions
* hi all
@ 2006-10-15 17:15 Alberto Negri
  2006-10-16 11:02 ` Alberto Negri
  0 siblings, 1 reply; 7+ messages in thread
From: Alberto Negri @ 2006-10-15 17:15 UTC (permalink / raw)
  To: Iptables

hi all,

I am posting here after speaking with people in the #iptables IRC channel,
in particular with "Taube". At the end of my problem explanation
he suggested that I use a script instead of the iptables-{save,restore}
commands, but reading the iptables tutorial, in particular here:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#SAVEANDRESTORE
I get the advice to use iptables-{save,restore} instead of a bash script... now I
thought to post here...
So now my problem:

Using iptables-{save,restore} on a Gentoo box, iptables crashes at start up.
My error message (doing /etc/init.d/iptables start):

 * Caching service dependencies ...                                          [ ok ]
 * Loading iptables state and starting firewall ...
/etc/init.d/iptables: line 57:  9820 Segmentation fault ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} <"${iptables_save}"      [ !! ]

where my iptables rule file is (cat /etc/conf.d/iptables| grep -v ^$ | grep -v ^#):

IPTABLES_SAVE="/var/lib/iptables/firewall"
SAVE_RESTORE_OPTIONS="-c"
SAVE_ON_STOP="yes"

contents of firewall file (cat /var/lib/iptables/firewall) [I dropped some of my comments, starting with
'#', before posting]:
(Taube told me it is right... anyway I post it)
# Generated by iptables-save v1.3.5 on Sun Oct  8 18:08:12 2006
*raw
:PREROUTING ACCEPT
:OUTPUT ACCEPT
COMMIT
# Completed on Sun Oct  8 18:08:12 2006
# Generated by iptables-save v1.3.5 on Sun Oct  8 18:08:12 2006
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sun Oct  8 18:08:12 2006
# Generated by iptables-save v1.3.5 on Sun Oct  8 18:08:12 2006
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT
# Completed on Sun Oct  8 18:08:12 2006
# Generated by iptables-save v1.3.5 on Sun Oct  8 18:08:12 2006
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT DROP
:INBOUND -
:LOG_FILTER -
:LSI -
:LSO -
:OUTBOUND -
-A INPUT -p tcp -m tcp --dport 2001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2667 -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/min -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 193.70.192.25 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 193.70.192.25 -p udp -j ACCEPT
-A INPUT -s 212.48.4.15 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 212.48.4.15 -p udp -j ACCEPT
-A INPUT -s 62.211.69.150 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 62.211.69.150 -p udp -j ACCEPT
-A INPUT -s 62.101.80.80 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 62.101.80.80 -p udp -j ACCEPT
-A INPUT -s 130.136.1.110 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 130.136.1.110 -p udp -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp0 -j OUTBOUND
-A OUTPUT -o eth1 -j OUTBOUND
-A OUTPUT -d 193.70.192.25 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 193.70.192.25 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 212.48.4.15 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 212.48.4.15 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 62.211.69.150 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 62.211.69.150 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 62.101.80.80 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 62.101.80.80 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 130.136.1.110 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 130.136.1.110 -p udp -m udp --dport 53 -j ACCEPT
-A OUTBOUND -j ACCEPT
COMMIT
# Completed on Sun Oct  8 18:08:12 2006


where those are DNS:
193.70.192.25
212.48.4.15
62.211.69.150
62.101.80.80
130.136.1.110

these are my Gentoo configuration options (emerge --info):

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 1800+
Gentoo Base System version 1.12.5
Last Sync: Sun, 15 Oct 2006 10:30:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mtune=athlon-xp -march=athlon-xp -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config 
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ 
/usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-mtune=athlon-xp -march=athlon-xp -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks fixpackages metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="ftp://lug.mtu.edu/gentoo http://mirror.phy.olemiss.edu/mirror/gentoo 
http://mirror.mcs.anl.gov/pub/gentoo/ http://mirror.uni-c.dk/pub/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ ftp://trumpetti.atm.tut.fi/gentoo/ 
http://pandemonium.tiscali.de/pub/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ http://gentoo.intergenia.de ftp://files.gentoo.org http://files.gentoo.org ftp://ftp.ntua.gr/pub/linux/gentoo/ http://ftp.ntua.gr/pub/linux/gentoo/ ftp://ftp.uoi.gr/mirror/OS/gentoo/ 
http://ftp.uoi.gr/mirror/OS/gentoo/ http://ftp.physics.auth.gr/pub/mirrors/gentoo/ ftp://ftp.physics.auth.gr/pub/mirrors/gentoo/ ftp://mirror.scarlet-internet.nl/pub/gentoo 
http://mirror.gentoo.no/ http://darkstar.ist.utl.pt/gentoo/ ftp://darkstar.ist.utl.pt/pub/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ ftp://mirror.switch.ch/mirror/gentoo/ ftp://ftp.solnet.ch/mirror/Gentoo http://gentoo.mirror.solnet.ch http://ftp.twaren.net/Linux/Gentoo/ ftp://ftp.twaren.net/Linux/Gentoo/ http://ftp.ncnu.edu.tw/Linux/Gentoo/ ftp://ftp.ncnu.edu.tw/Linux/Gentoo/ "
LINGUAS="it"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/overlays/xgl-coffee /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowex X alsa arts cairo crypt cups dhcp elibc_glibc glitz gmp hal input_devices_keyboard input_devices_mouse kde kernel_linux linguas_it mmx mmxext mp3 mpeg2 mpeg4 nls nptl nvidia opengl pnp readline sse ssl userland_GNU video_cards_nvidia video_cards_vesa vorbis xmms"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS

As the guide says that the iptables-{save,restore} tools are not
sufficiently tested, as there are not enough users who try them...
I'm here :D
I hope to give you some help to discover bugs (if it's not an error of mine ;) )... and I'm sorry if I
make you lose your time.
Thanks all in advance.
Alberto

-- 
Undergraduate student at Computer Science, University of Bologna.
Icq number: 79465051
Web page: www.cs.unibo.it/~negri
Gpg-id: 1024D/E96025D7
Fingerprint: 2C6A 3E88 05AB 5B21 82E8  4A80 C357 1E37 E960 25D7
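
A pre-flight check for the saved ruleset, as an added example that is not part of the original post or of the iptables project: the posted file's chain lines carry no [packets:bytes] field while SAVE_RESTORE_OPTIONS passes -c, so this POSIX sh function flags that mismatch, rules appended to undeclared chains, and tables without COMMIT before the file reaches iptables-restore. The names lint_ruleset, is_counter and sample_ruleset are hypothetical, the sample is constructed, and the counter check assumes -c expects the field that iptables-save writes on built-in chains; it does not establish the cause of the crash reported above.

```shell
#!/bin/sh
# Added example. usage: lint_ruleset FILE yes|no  ("yes" when restore runs with -c)

# Succeeds when $1 has the form [packets:bytes] with decimal fields.
is_counter() {
    case $1 in \[*:*\]) ;; *) return 1 ;; esac
    c=${1#\[}; c=${c%\]}
    case ${c%%:*} in ''|*[!0-9]*) return 1 ;; esac
    case ${c#*:} in ''|*[!0-9]*) return 1 ;; esac
}

lint_ruleset() (   # subshell body: variables and "set -f" stay local
    file=$1 with_counters=$2 table="" chains=" " n=0 problems=0
    report() { echo "line $n: $1"; problems=$((problems + 1)); }
    [ -r "$file" ] || { echo "cannot read $file"; exit 2; }
    set -f         # keep "[0:0]" from being treated as a glob
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -- $line                      # whitespace-split into $1 $2 ...
        case ${1:-} in
            ''|'#'*) ;;                   # blank line or comment
            '*'*)                         # table header, e.g. *filter
                [ -z "$table" ] || report "table '$table' not closed by COMMIT"
                table=${1#?}; chains=" " ;;
            COMMIT)
                [ -n "$table" ] || report "COMMIT outside a table"
                table="" ;;
            :*)                           # chain declaration: :NAME POLICY [p:b]
                chain=${1#:} policy=${2:-}
                [ -n "$table" ] || report "chain '$chain' declared outside a table"
                case $policy in
                    ACCEPT|DROP)          # built-in chain with a policy
                        if [ "$with_counters" = yes ] && ! is_counter "${3:-}"; then
                            report "chain '$chain': no [packets:bytes] field, but -c is set"
                        fi ;;
                    -) ;;                 # user-defined chain
                    *) report "chain '$chain': unexpected policy '$policy'" ;;
                esac
                chains="$chains$chain " ;;
            *)                            # rule, optionally prefixed by [p:b]
                if is_counter "$1"; then shift; fi
                if [ "${1:-}" != -A ]; then
                    report "not an -A rule"
                else
                    [ -n "$table" ] || report "rule outside a table"
                    case $chains in
                        *" ${2:-} "*) ;;
                        *) report "rule appends to undeclared chain '${2:-}'" ;;
                    esac
                fi ;;
        esac
    done < "$file"
    [ -z "$table" ] || { echo "end of file: table '$table' has no COMMIT"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
)

# Constructed sample, modelled on (not copied from) the ruleset posted above.
sample_ruleset() { cat <<'EOF'
*filter
:INPUT DROP
:OUTBOUND -
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o ppp0 -j OUTBOUND
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
EOF
}

tmp=$(mktemp); sample_ruleset > "$tmp"
lint_ruleset "$tmp" yes || echo "ruleset rejected, not handing it to iptables-restore"
rm -f "$tmp"
```

An init script can call lint_ruleset on the file named by IPTABLES_SAVE and skip the restore when it returns non-zero, so a damaged save file is reported instead of being fed to the restore tool.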

 



* Re: hi all
  2006-10-15 17:15 hi all Alberto Negri
@ 2006-10-16 11:02 ` Alberto Negri
  2006-10-16 11:57   ` Rob Sterenborg
  0 siblings, 1 reply; 7+ messages in thread
From: Alberto Negri @ 2006-10-16 11:02 UTC (permalink / raw)
  To: netfilter

On Sun, 15 Oct 2006 17:15:23 +0000
Alberto Negri <negri@cs.unibo.it> wrote:

Any suggestions?
Am I on the wrong mailing list?
ping :)
Alberto


* Re: hi all
  2006-10-16 11:02 ` Alberto Negri
@ 2006-10-16 11:57   ` Rob Sterenborg
  2006-10-16 12:24     ` Alberto Negri
  0 siblings, 1 reply; 7+ messages in thread
From: Rob Sterenborg @ 2006-10-16 11:57 UTC (permalink / raw)
  To: netfilter

On Mon, October 16, 2006 13:02, Alberto Negri wrote:
> On Sun, 15 Oct 2006 17:15:23 +0000
> Alberto Negri <negri@cs.unibo.it> wrote:
>
>
> Any suggestions? Am I on the wrong mailing list? ping :) Alberto
>
>> hi all,
>>
>> i post here after spoke with people into #iptables irc channel in particular
>> with "Taube". At the end of my problem explanation he suggested me to use a
>> script instead of iptables-{save,restore} commands, but reading iptables
>> tutorial in particular here:
>> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#SAVEANDRESTORE
>> i get the advice to use iptables-{save,restore} instead of a bash
>> script...now i thought to post here... So now my problem:
>>
>> Using iptables-{save,restore} on a gentoo box iptables crashes at start up.
>>  my error message(doing /etc/init.d/iptables start):

[Snip lots of info]

I thought that the main benefit of these scripts was speed when
saving/restoring rules (someone please correct me if I'm wrong). I don't think
your ruleset is big enough to notice the difference.

If you're having trouble using iptables-[save|restore] then you can create
your own script: it's just a matter of preference.


Gr,
Rob





* Re: hi all
  2006-10-16 11:57   ` Rob Sterenborg
@ 2006-10-16 12:24     ` Alberto Negri
  2006-10-16 12:51       ` Rob Sterenborg
  0 siblings, 1 reply; 7+ messages in thread
From: Alberto Negri @ 2006-10-16 12:24 UTC (permalink / raw)
  To: netfilter

On Mon, 16 Oct 2006 13:57:39 +0200 (CEST)
"Rob Sterenborg" <rob@sterenborg.info> wrote:

LOG_LEVEL=1 :D

The most difficult thing when speaking with expert Linux users is setting the right log_level :D (when you don't post info, others tell you: "post some details... how do you think we can help you without them?"; when you post too many details...)
Anyway thanks for your reply, Rob! ;)
So debug of those tools will be neglected?

Thanks all, in particular to Rob
Al

P.S.: the point was not to get my firewall working... the point is understanding why those tools do not work. ;) but if that is not of interest to the netfilter mailing list...

P.P.S.: sorry for my bad English :P


* Re: hi all
  2006-10-16 12:24     ` Alberto Negri
@ 2006-10-16 12:51       ` Rob Sterenborg
  2006-10-16 17:26         ` Alberto Negri
  0 siblings, 1 reply; 7+ messages in thread
From: Rob Sterenborg @ 2006-10-16 12:51 UTC (permalink / raw)
  To: netfilter

On Mon, October 16, 2006 14:24, Alberto Negri wrote:
> LOG_LEVEL=1 :D
>
>
> The most difficult thing speaking with expert linux user is setup the right
> log_level :D (when you don't post infos other says you: "post some
> details...how do you think we can help you without them?", when you post too
> many details...) Anyway thanks for your reply, Rob! ;)

In fact I wasn't really helping you and for my answer the information was not
relevant; also, your problem didn't go away (yet?). :-)
I was responding to what people suggested and I suggest that if you're having
a problem using iptables-[save|restore] you can write a script that works for
you.

> So debug of those tools will be neglected?

I don't know if it is. (Can't imagine, but this is a user list; not developer)

> P.S.: the point was not to make my firewall working...the point is
> understanding why those tools does not work. ;) but if that does not interest
> at netfilter mailing list...

Well, I'm not using it so no: I'm not really that interested. But others may
be. ;-)
The latest version of iptables is 1.3.6. Since you're using 1.3.5, the latest
version may solve your problem with iptables-[save|restore].



Grts,
Rob





* Re: hi all
  2006-10-16 12:51       ` Rob Sterenborg
@ 2006-10-16 17:26         ` Alberto Negri
  2006-10-16 21:26           ` Martijn Lievaart
  0 siblings, 1 reply; 7+ messages in thread
From: Alberto Negri @ 2006-10-16 17:26 UTC (permalink / raw)
  To: netfilter

On Mon, 16 Oct 2006 14:51:57 +0200 (CEST)
"Rob Sterenborg" <rob@sterenborg.info> wrote:

> In fact I wasn't really helping you and for my answer the information was not
> relevant; also, your problem didn't go away (yet?). :-)
> I was responding to what people suggested and I suggest that if you're having
> a problem using iptables-[save|restore] you can write a script that works for
> you.

Really I have no problem... as you suggested to me (the same suggestion as Taube's) I wrote a
script. I was interested in helping the netfilter community... as "I have a bug" (not sure ;) ).
 
> > So debug of those tools will be neglected?
> 
> I don't know if it is. (Can't imagine, but this is a user list; not developer)

You're right... but before spamming the devel ML, I decided to spam here :D
Hearing from some expert users is always better ;)
 
> > P.S.: the point was not to make my firewall working...the point is
> > understanding why those tools does not work. ;) but if that does not interest
> > at netfilter mailing list...
> 
> Well, I'm not using it so no: I'm not really that interested. But others may
> be. ;-)
> The latest version of iptables is 1.3.6. Since you're using 1.3.5, the latest
> version may solve your problem with iptables-[save|restore].

Ok... but first I'll look at the changelog ;)

Do you think that this problem could be interesting for developers?
Is there some way to show it to some developer before posting (and probably spamming) on the devel
mailing list?

> Grts,
> Rob

thanks and bye
Alberto

 



* Re: hi all
  2006-10-16 17:26         ` Alberto Negri
@ 2006-10-16 21:26           ` Martijn Lievaart
  0 siblings, 0 replies; 7+ messages in thread
From: Martijn Lievaart @ 2006-10-16 21:26 UTC (permalink / raw)
  To: Alberto Negri; +Cc: netfilter

Alberto Negri wrote:

>Ok...but before i'll see changelog ;)
>
>Do you think that this problem could be interesting for developers? 
>Is there some way to let it see at some devel before posting (and probably spamming) on devel
>mailing list?
>
>  
>

By all means, post it to the netfilter-devel list, but after you tried 
1.3.6. If it is a real bug, and it's still there, that is the fastest 
way of getting it solved. Apart from fixing it yourself, that is.

M4


