Re: iptables has amnesia :-)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Don Russell wrote:
> Mikkel L. Ellertson wrote:
>> Try running "service ip6tables save" as well, and see if that helps.
>>  Also, check the date/contents of /etc/sysconfig/iptables to make
>> sure your changes are being saved. If not, look for a selinux
>> message in the logs about it...
>>
>> Mikkel
>>   
> 
> I did check the contents of /etc/sysconfig/iptables before and did see
> the new rules there....
> 
> Using "service ip6tables save" seems to have "done the trick".... is
> that WAD, or is that bugzilla-able :-)
> 
Not exactly a WAG, but not based on personal experience. (I have IP6
turned off on the local network...) It is more troubleshooting
experience that gives me ideas on what to try. Something on the
order of asking yourself what can be affecting firewall rules. Start
with the easy things - iptables, ip6 tables. Check to make sure
selinux is not blocking re-writing the rewriting of the rules.

If saving the changes to ip6tables "fixes" the problem, as it look
like it did here, then it looks like there needs to be a change so
that "service iptables save" updates ip6tables if they are going to
affect the rules as well. (And the reverse - saving ip6tables should
also save iptables.) But I am wondering why the default rules are
being restored. I am on shaky ground here, because I have not looked
at the network scripts for a while. Is it because of the DHCP lease
getting renewed, the network connection dropping, and being
restored, or something else? I can see the rules needing to be
reloaded if you get a new IP address. But not just because the lease
was renewed.

I see that you have filed a bug report, so hopefully this will be
answered by the people that really know the network scripts...

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux