* [gentoo-user] iptables (not) started?
From: Jarry @ 2013-03-29 18:25 UTC
To: gentoo-user
Hi Gentoo-users,
I noticed one thing on my server: during boot-up no message
about firewall being started is printed on console. I always
have to check manually if iptables-rules have been loaded.
Strange thing, when doing shutdown, I see messages I expect:
* Saving iptables state ... [ ok ]
* Stopping firewall ... [ ok ]
I checked also /etc/init.d/iptables and I think it should
show some messages at start:
    start() {
        checkconfig || return 1
        ebegin "Loading ${iptables_name} state and starting firewall"
        ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
        eend $?
    }
Can someone explain to me why this message is not printed?
Jarry
--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
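
The manual check described in the post above can be scripted. This is an added example, not part of the original post or of Gentoo's init script: it compares a dump of the running rules with the saved state file, ignoring timestamps, packet counters and table order. The function names and sample dumps are constructed for illustration, and the saved-file path in the last comment is an assumption.

```shell
#!/bin/bash
# Added example: detect drift between the running ruleset and the file that
# the init script restores at boot. All names here are hypothetical.

# Reduce an iptables-save dump to comparable lines: drop timestamp comments
# and COMMIT, zero the [packets:bytes] counters, and prefix each line with its
# table so a stable sort can group tables without reordering rules.
normalize_rules() {
    awk '
        /^#/ || /^[ \t]*$/ || $0 == "COMMIT" { next }
        /^\*/ { table = substr($0, 2); next }
        { gsub(/\[[0-9]+:[0-9]+\]/, "[0:0]"); print table "\t" $0 }
    ' "$1" | LC_ALL=C sort -s -t "$(printf '\t')" -k1,1
}

# Usage: check_drift RUNNING_DUMP SAVED_FILE
# 0 = running matches saved, 1 = drift (diff printed), 2 = nothing loaded.
check_drift() {
    tmp=$(mktemp -d) || return 3
    normalize_rules "$1" > "$tmp/running"
    normalize_rules "$2" > "$tmp/saved"
    if [ ! -s "$tmp/running" ]; then rc=2
    elif diff -u "$tmp/saved" "$tmp/running"; then rc=0
    else rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample dumps standing in for the saved file and the live rules.
sample_saved() {
    printf '%s\n' '# Generated by iptables-save on Fri Mar 29 18:00:00 2013' \
        '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT'
}
sample_running_ok() {      # same rules, live counters, later timestamp
    sample_saved | sed -e 's/18:00:00/19:05:00/' -e 's/DROP \[0:0\]/DROP [412:30211]/'
}
sample_running_drift() {   # one extra rule added by hand after boot
    sample_saved | awk '$0 == "COMMIT" { print "-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT" } { print }'
}

# On a real host (the saved-file path is an assumption, check conf.d):
#   iptables-save > /tmp/running && check_drift /tmp/running /var/lib/iptables/rules-save
```

Exit status 2 separates "no rules loaded at all" from ordinary drift, which is the case the original question is about.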
* Re: [gentoo-user] iptables (not) started?
From: Mick @ 2013-03-29 18:43 UTC
To: gentoo-user
On Friday 29 Mar 2013 18:25:11 Jarry wrote:
> Hi Gentoo-users,
>
> I noticed one thing on my server: during boot-up no message
> about firewall being started is printed on console. I always
> have to check manually if iptables-rules have been loaded.
> Strange thing, when doing shutdown, I see messages I expect:
>
> * Saving iptables state ... [ ok ]
> * Stopping firewall ... [ ok ]
>
> I checked also /etc/init.d/iptables and I think it should
> show some messages at start:
>
> start() {
> checkconfig || return 1
> ebegin "Loading ${iptables_name} state and starting firewall"
> ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
> eend $?
> }
>
> Can someone explain to me why this message is not printed?
Do you have some other script starting your iptables, rather than the vanilla
/etc/init.d/iptables?
Does '/etc/init.d/iptables status' show that it is running?
--
Regards,
Mick
* Re: [gentoo-user] iptables (not) started?
From: Jarry @ 2013-03-29 19:03 UTC
To: gentoo-user
On 29-Mar-13 19:43, Mick wrote:
> On Friday 29 Mar 2013 18:25:11 Jarry wrote:
>> Hi Gentoo-users,
>>
>> I noticed one thing on my server: during boot-up no message
>> about firewall being started is printed on console. I always
>> have to check manually if iptables-rules have been loaded.
>> Strange thing, when doing shutdown, I see messages I expect:
>>
>> * Saving iptables state ... [ ok ]
>> * Stopping firewall ... [ ok ]
>>
>> I checked also /etc/init.d/iptables and I think it should
>> show some messages at start:
>>
>> start() {
>> checkconfig || return 1
>> ebegin "Loading ${iptables_name} state and starting firewall"
>> ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
>> eend $?
>> }
>>
>> Can someone explain to me why this message is not printed?
>
> Do you have some other script starting your iptables, rather than the vanilla
> /etc/init.d/iptables?
No.
> Does '/etc/init.d/iptables status' show that it is running?
* status: started
I recorded screen with my video-camera to be sure I did not miss
some message. But I found no trace about iptables being started...
Jarry
--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
* Re: [gentoo-user] iptables (not) started?
From: Mick @ 2013-03-29 19:34 UTC
To: gentoo-user
On Friday 29 Mar 2013 19:03:57 Jarry wrote:
> On 29-Mar-13 19:43, Mick wrote:
> > On Friday 29 Mar 2013 18:25:11 Jarry wrote:
> >> Hi Gentoo-users,
> >>
> >> I noticed one thing on my server: during boot-up no message
> >> about firewall being started is printed on console. I always
> >> have to check manually if iptables-rules have been loaded.
> >> Strange thing, when doing shutdown, I see messages I expect:
> >>
> >> * Saving iptables state ... [ ok ]
> >> * Stopping firewall ... [ ok ]
> >>
> >> I checked also /etc/init.d/iptables and I think it should
> >> show some messages at start:
> >>
> >> start() {
> >> checkconfig || return 1
> >> ebegin "Loading ${iptables_name} state and starting firewall"
> >> ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
> >> eend $?
> >> }
> >>
> >> Can someone explain to me why this message is not printed?
> >
> > Do you have some other script starting your iptables, rather than the
> > vanilla /etc/init.d/iptables?
>
> No.
>
> > Does '/etc/init.d/iptables status' show that it is running?
>
> * status: started
>
> I recorded screen with my video-camera to be sure I did not miss
> some message. But I found no trace about iptables being started...
I have not set rc_logger in /etc/conf.d/iptables to know if it would make a
difference and can confirm that I can clearly see it on my boxen at boot time:
* Loading iptables state and starting firewall ... [ ok ]
Another thing to check is that it is in the default level:
$ eselect rc list | grep iptables
iptables default
I'm not sure if it would show up, or the message be suppressed if you add it
to the boot level.
--
Regards,
Mick
* Re: [gentoo-user] iptables (not) started?
From: Mick @ 2013-03-29 19:44 UTC
To: gentoo-user
On Friday 29 Mar 2013 19:34:39 Mick wrote:
> On Friday 29 Mar 2013 19:03:57 Jarry wrote:
> > On 29-Mar-13 19:43, Mick wrote:
> > > On Friday 29 Mar 2013 18:25:11 Jarry wrote:
> > >> Hi Gentoo-users,
> > >>
> > >> I noticed one thing on my server: during boot-up no message
> > >> about firewall being started is printed on console. I always
> > >> have to check manually if iptables-rules have been loaded.
> > >> Strange thing, when doing shutdown, I see messages I expect:
> > >>
> > >> * Saving iptables state ... [ ok ]
> > >> * Stopping firewall ... [ ok ]
> > >>
> > >> I checked also /etc/init.d/iptables and I think it should
> > >> show some messages at start:
> > >>
> > >> start() {
> > >> checkconfig || return 1
> > >> ebegin "Loading ${iptables_name} state and starting firewall"
> > >> ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
> > >> eend $?
> > >> }
> > >>
> > >> Can someone explain to me why this message is not printed?
> > >
> > > Do you have some other script starting your iptables, rather than the
> > > vanilla /etc/init.d/iptables?
> >
> > No.
> >
> > > Does '/etc/init.d/iptables status' show that it is running?
> >
> > * status: started
> >
> > I recorded screen with my video-camera to be sure I did not miss
> > some message. But I found no trace about iptables being started...
>
> I have not set rc_logger in /etc/conf.d/iptables to know if it would make a
> difference and can confirm that I can clearly see it on my boxen at boot
> time:
>
> * Loading iptables state and starting firewall ... [ ok ]
>
>
> Another thing to check is that it is in the default level:
>
> $ eselect rc list | grep iptables
> iptables default
>
> I'm not sure if it would show up, or the message be suppressed if you add
> it to the boot level.
Just tested this - it does not suppress it in my machine if I set it to boot
level. Which makes me think ...
Why do wikis and the like suggest that iptables should be in default rather
than boot runlevel?
--
Regards,
Mick
* Re: [gentoo-user] iptables (not) started?
From: Neil Bothwick @ 2013-03-29 20:37 UTC
To: gentoo-user
On Fri, 29 Mar 2013 19:44:14 +0000, Mick wrote:
> Why do wikis and the like suggest that iptables should be in default
> rather than boot runlevel?
Why not? There's no need to start it especially early, as long as it is
running before the network comes up, and the init script takes care of
that.
--
Neil Bothwick
Vuja De: the feeling that you've never been here before.
* Re: [gentoo-user] iptables (not) started?
From: Mick @ 2013-03-29 23:29 UTC
To: gentoo-user
On Friday 29 Mar 2013 20:37:20 Neil Bothwick wrote:
> On Fri, 29 Mar 2013 19:44:14 +0000, Mick wrote:
> > Why do wikis and the like suggest that iptables should be in default
> > rather than boot runlevel?
>
> Why not? There's no need to start it especially early, as long as it is
> running before the network comes up, and the init script takes care of
> that.
I haven't seen anything in net.lo that waits for iptables and I seem to recall
that the network interfaces are started before iptables is run, unless I start
iptables at boot level.
--
Regards,
Mick
* Re: [gentoo-user] iptables (not) started?
From: Neil Bothwick @ 2013-03-30 0:47 UTC
To: gentoo-user
On Fri, 29 Mar 2013 23:29:39 +0000, Mick wrote:
> > > Why do wikis and the like suggest that iptables should be in default
> > > rather than boot runlevel?
> >
> > Why not? There's no need to start it especially early, as long as it
> > is running before the network comes up, and the init script takes
> > care of that.
>
> I haven't seen anything in net.lo that waits for iptables and I seem to
> recall that the network interfaces are started before iptables is run,
> unless I start iptables at boot level.
The iptables init script contains "before net".
--
Neil Bothwick
Advanced: (adj.) doesn't work yet, but it's pretty close. See: bug,
glitch.
* Re: [gentoo-user] iptables (not) started?
From: Pandu Poluan @ 2013-03-29 19:18 UTC
To: gentoo-user
On Mar 30, 2013 1:27 AM, "Jarry" <mr.jarry@gmail.com> wrote:
>
> Hi Gentoo-users,
>
> I noticed one thing on my server: during boot-up no message
> about firewall being started is printed on console. I always
> have to check manually if iptables-rules have been loaded.
> Strange thing, when doing shutdown, I see messages I expect:
>
> * Saving iptables state ... [ ok ]
> * Stopping firewall ... [ ok ]
Slightly tangential to the subject, but related...
I personally prefer *not* to automatically save iptables rules on shutdown.
That way, if I made some stupid mistake, a reboot restores the system to
the "LKGC" (Last Known Good Configuration)...
Rgds,
--