[pkg-netfilter-team] Bug#892951: iptables rules loaded via iptables-restore ....rules.v4 are dropped every few minutes.

g.smyli g.smyli at nym.hush.com
Wed Mar 14 19:39:38 UTC 2018


Package: iptables
Version: 1.6.0+snapshot20161117-6
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
I believe the problem existed after fresh netinstall of Debian Stretch with xfce desktop but I am not sure exactly when I
began to notice iptables problem. I added skolelinux desktop which took over boot but is still xfce so I didn't mind. Being
rather security conscious I'm sure I would set up iptables with rules right away.
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
I made rules for iptables. I noticed I had problems loading the rules up at boot. Tried netfilter-persistent,
tried a script in rc.local, maybe a couple of other efforts (installed apf, uninstalled apf netfilter-persistent, reinstalled
iptables and netfilter-persistent...). Most things I tried usually worked for a few boots but would then
randomly fail. The most dependable thing I have found is to be disconnected from the network by default and place a preprocessing iptables startup script
in wicd which loads the rules before network is brought up. Eventually I discovered the loaded rules would disappear after a few minutes. This
happens whether I am browsing the internet or not or in fact not doing anything.
I just tried to gdebi the latest package iptables_1.6.1-2~bpo9+1_amd64.deb but that was uninstallable due to an incompatible library.

   Required outcome is of course to load the rules and depend on them to be stable.


Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iptables depends on:
ii  libc6                    2.24-11+deb9u3
ii  libip4tc0                1.6.0+snapshot20161117-6
ii  libip6tc0                1.6.0+snapshot20161117-6
ii  libiptc0                 1.6.0+snapshot20161117-6
ii  libnetfilter-conntrack3  1.0.6-2
ii  libnfnetlink0            1.0.1-3
ii  libxtables12             1.6.0+snapshot20161117-6

iptables recommends no packages.

Versions of packages iptables suggests:
ii  kmod  23-2

-- no debconf information


