Re: Problem starting iptables on FC3


 



Thanks to both of you for the information. That will be very helpful. 

I see now I may have a different (minor) problem. The firewall is starting up 
properly after running the FWBuilder script. It is only the status that 
reports it is down, which is why I was trying to start it myself. 

I am able to confirm it is working by adding logging options to rules, so I 
can see that activity is being logged in /var/log/messages. 

I guess my only real problem is that when I execute "/sbin/service 
iptables status" it always reports the status as "stopped", even when it is 
working. 

===


On Sun January 2 2005 11:45 pm, Jeff Vian wrote:
> On Sun, 2005-01-02 at 20:35 -0800, Stephen Walton wrote:
> > fedora-list@xxxxxxxxxxxxxx wrote:
> > >When I try to start iptables it simply fails with no errors and nothing
> > >in /var/log/messages. If I try to load it after running the (fwbuilder
> > >generated) script it starts and then stops immediately.
> >
> > The /etc/rc.d/init.d/iptables script assumes that your firewall setup is
> > in /etc/sysconfig/iptables.  If you are using Firewall Builder (I do and
> > highly recommend it for all but the simplest setups), its script is self
> > contained:  it first resets iptables and then installs the settings you
> > specified in fwbuilder.  If you type  "/sbin/service iptables start"
> > after running your fwbuilder script, it will (probably) screw things up
> > as it will try to add the setup in /etc/sysconfig on top of the
> > fwbuilder settings.  "/sbin/service iptables stop" is still useful even
> > if you're using fwbuilder, as it will in effect turn off the firewall by
> > resetting everything to its defaults.
>
> One additional note here, and yes, I also use fwbuilder to configure my
> firewall.
>
> Stephen, you are correct as far as you go, but that approach means you
> MUST rerun the fwbuilder script every time you reboot or even if you just
> stop iptables and want to restart it.
>
> To eliminate the problem with doing a service iptables start and having
> your fwbuilder configuration erased, a simple step that only needs to be
> done when the fwbuilder config is first installed or changed would be to
> do a 2 step process.
>
> 1. Install your fwbuilder script and verify it using iptables -L to see
> the settings.
> 2. Save those settings to /etc/sysconfig/iptables using "service
> iptables save".
>
> After step 2 is completed and verified, then you never need to run the
> fwbuilder script again unless it is changed.  A simple reboot will
> automatically reload the last one saved when iptables is started.
>
> If you make a change to the fwbuilder script, then repeat the process
> above and you are good to go.
>
> The alternative to this approach is likely that you added into some
> script such as rc.local a command to run the fwbuilder script.  The
> problem with doing that is that iptables is by default activated before
> the network is enabled and halted after the network is disabled.
> Running it from some userland script or from somewhere such as rc.local
> makes it get activated at a different time in the startup than default,
> and my approach allows the default scripts to control the timing of the
> firewall startup.
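
Added example, not part of the original thread: one way to do the "verified" part of the two-step procedure quoted above is to compare a dump of the running rules with /etc/sysconfig/iptables, which also answers "is the firewall really loaded?" without relying on the service status text. The function names and the sample dumps are constructed for illustration; `iptables-save` is the standard dump tool.

```shell
#!/bin/sh
# Added example (not from the thread): detect drift between the ruleset the
# kernel is running and the one saved in /etc/sysconfig/iptables for boot.
# Function names are hypothetical.

# Drop what differs between two dumps of the same policy: "#" comment lines
# (they carry timestamps) and [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]//g' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# rules_drift LIVE_DUMP SAVED_FILE
# Returns 0 when both describe the same rules; otherwise prints a unified
# diff (saved -> live) and returns non-zero.
rules_drift() {
    live_n=$(mktemp) || return 2
    saved_n=$(mktemp) || { rm -f "$live_n"; return 2; }
    normalize_rules "$1" > "$live_n"
    normalize_rules "$2" > "$saved_n"
    rc=0
    diff -u "$saved_n" "$live_n" || rc=$?
    rm -f "$live_n" "$saved_n"
    return "$rc"
}

# Constructed sample dumps, used only to exercise the functions offline.
write_samples() {   # write_samples DIR
    printf '%s\n' '# Generated by iptables-save on Sun Jan  2 23:50:01 2005' \
        '*filter' ':INPUT DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$1/saved"
    # Same policy, later timestamp, non-zero counters.
    printf '%s\n' '# Generated by iptables-save on Mon Jan  3 08:12:44 2005' \
        '*filter' ':INPUT DROP [41:2788]' ':OUTPUT ACCEPT [97:11340]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$1/live_same"
    # The SSH rule is missing from the running set.
    grep -v -e '--dport 22' "$1/live_same" > "$1/live_changed"
}

# Real use, as root: pass --live to compare the running rules with the saved file.
if [ "${1:-}" = "--live" ]; then
    dump=$(mktemp) && iptables-save > "$dump" &&
        rules_drift "$dump" /etc/sysconfig/iptables && echo "saved rules match"
    rm -f "$dump"
fi
```

A non-empty diff after "service iptables save" means the file that will be loaded at boot is not the policy the fwbuilder script installed.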

