[pkg-netfilter-team] Bug#892951: iptables rules loaded via iptables-restore ....rules.v4 are dropped every few minutes.
Arturo Borrero Gonzalez
arturo at debian.org
Fri Dec 28 14:39:35 GMT 2018
On Wed, 14 Mar 2018 12:39:38 -0700 "g.smyli" <g.smyli at nym.hush.com> wrote:
> Package: iptables
> Version: 1.6.0+snapshot20161117-6
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> * What led up to the situation?
> I believe the problem existed after a fresh netinstall of Debian Stretch with the xfce desktop, but I am not sure exactly when I began to notice the iptables problem. I added the skolelinux desktop, which took over boot but is still xfce, so I didn't mind. Being rather security conscious, I'm sure I would set up iptables with rules right away.
> * What exactly did you do (or not do) that was effective (or ineffective)?
> I made rules for iptables. I noticed I had problems loading the rules up at boot. Tried netfilter-persistent, tried a script in rc.local, maybe a couple of other efforts (installed apf, uninstalled apf and netfilter-persistent, reinstalled iptables and netfilter-persistent...). Most things I tried usually worked for a few boots but would then randomly fail. The most dependable thing I have found is to be disconnected from the network by default and place a preprocessing iptables startup script in wicd which loads the rules before the network is brought up. Eventually I discovered the loaded rules would disappear after a few minutes. This happens whether I am browsing the internet or not, or in fact not doing anything.
> I just tried to gdebi the latest package iptables_1.6.1-2~bpo9+1_amd64.deb but that was uninstallable due to an incompatible library.
>
> Required outcome is of course to load the rules and depend on them to be stable.
>
mmm iptables can't automatically delete rules. There should be something
else deleting the rules or messing with the firewall (your own rc.local
script, or netfilter-persistent, perhaps?).
Anyway, that's not a bug in iptables itself.
Thanks for reporting the issue though!
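As an added example (not part of this thread or of the iptables package), here is one way to pin down the "something else" the reply refers to: poll the ruleset, fingerprint it with counters and timestamp comments stripped out, and log the exact moment it changes so it can be matched against cron, systemd timers or network-manager hooks. It assumes `iptables-save` is on the host; the dump command is a parameter so the checks also run against a saved dump file.

```shell
#!/bin/sh
# Constructed example: detect when the live iptables ruleset changes.
# Works on iptables-save output (with or without -c counters).

# Normalize a dump read from stdin: drop "# Generated"/"# Completed"
# timestamp comments, per-rule "[pkts:bytes]" prefixes and the
# trailing counters on ":CHAIN POLICY [pkts:bytes]" lines, so that only
# the rules and policies influence the fingerprint.
normalize_ruleset() {
    grep -v '^#' | sed -e 's/^\[[0-9]*:[0-9]*\] //' -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# Fingerprint of the normalized dump (cksum is POSIX, so always present).
fingerprint() {
    normalize_ruleset | cksum | cut -d' ' -f1
}

# Exit status 0 when the two dump files contain different rules,
# 1 when they only differ in counters/timestamps (or not at all).
ruleset_changed() {
    [ "$(fingerprint < "$1")" != "$(fingerprint < "$2")" ]
}

# Poll loop: $1 = interval in seconds, $2 = command that prints the dump.
# Every change is logged with a timestamp and a diff of the rules.
watch_ruleset() {
    interval=${1:-30}
    dumper=${2:-iptables-save}
    baseline=$(mktemp) current=$(mktemp)
    $dumper > "$baseline"
    echo "$(date '+%F %T') baseline fingerprint $(fingerprint < "$baseline")"
    while sleep "$interval"; do
        $dumper > "$current"
        if ruleset_changed "$baseline" "$current"; then
            echo "$(date '+%F %T') RULESET CHANGED:"
            normalize_ruleset < "$baseline" > "$baseline.norm"
            normalize_ruleset < "$current" > "$current.norm"
            diff "$baseline.norm" "$current.norm"
            cp "$current" "$baseline"
        fi
    done
}

# Usage: ./watch-ruleset.sh watch 30 iptables-save   (run as root)
case "${1-}" in
    watch) watch_ruleset "${2-}" "${3-}" ;;
esac
```

The timestamp of the first "RULESET CHANGED" line is what to compare with `journalctl` and cron logs from the same minute.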