Re: how uncover what start iptables?

Frantisek Hanzlik wrote:
> > Try if
> > grep -r Requires=iptables.service /lib/systemd
> > can be of any help to you.
> 
> In /lib/systemd/ and /etc/systemd/ no service requires iptables.
> ("grep -r 'iptables\.service' /lib/systemd/* /etc/systemd/*" returns
> nothing)
	There is an inverse way as well: in iptables there are some WantedBy=
lines; follow them and they may lead you to the right source.
	Unfortunately, another way start scripts are invoked is through dbus.
	You may also install graphviz and try
systemctl dot|dot -Tsvg > systemd.svg
but on my system the output looks too complicated to find anything.

> >> Second question about iptables: Is there any replacement for
> >> "service iptables panic" command from old gold cheerful non-systemd days?
> > Check /lib/systemd/system/iptables.service, you still may try
> > /lib/systemd/system/iptables.service panic
> 
> Although "/lib/systemd/system/iptables.service" has mode 0755, I think
> this is only a packager mistake - systemd units IMO surely aren't
> executable scripts. But you perhaps meant the "/usr/libexec/iptables.init"
> script (which seems identical to the original "/etc/rc.d/init.d/" one).
> And yes, "/usr/libexec/iptables.init panic" works as before.
	You're right, sorry for the misclick.

> But everyone knows the pre-systemd location and usage; this new one, nobody :(
	A Bash script/alias is a solution, isn't it?

> > You can also prepare two sets of iptables with the default being ACCEPT
> > and then switch between them with a simple command with flushing/renaming/adding
> > a chain.
> 
> Yes, it is a solution too; but I would like to know when it has been solved
> in some way when this service was transferred to systemd.
	I don't really understand what you want to achieve, but I have
found this solution to be the most suitable - you will still have the default
iptables running and accepting, which is very close to not running them,
and when you want to restrict network rules, you just switch to another
ruleset instead of starting.

-- 

--Zdenek Pytela, <pytela@xxxxxxxxxxxx>
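
The reverse lookup discussed in this message (finding what pulls in iptables.service), as an added example that is not part of the original post. It goes beyond the `Requires=` grep by also checking `.wants`/`.requires` symlinks, other dependency directives, and the unit's own `WantedBy=` lines. The function names, the sample tree, and `example-fw.service` are constructed for illustration.

```shell
#!/bin/sh
# who_starts UNIT DIR... : list everything under DIR that can pull UNIT in.
who_starts() {
    unit=$1; shift
    # Regex-escape dots/backslashes so "iptables.service" is matched literally.
    esc=$(printf '%s' "$unit" | sed 's/[.\\]/\\&/g')
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # 1. Enablement symlinks: <target>.wants/UNIT or <target>.requires/UNIT
        find "$dir" -type l \( -path "*.wants/$unit" -o -path "*.requires/$unit" \) |
            sed 's/^/symlink   /'
        # 2. Other units (and drop-ins) naming UNIT in a dependency directive;
        #    the unit must appear as a whole word in the space-separated list.
        grep -rEH "^(Wants|Requires|Requisite|BindsTo|OnFailure)=(.* )?${esc}( |\$)" "$dir" |
            sed 's/^/directive /'
        # 3. The unit's own [Install] hints: where "systemctl enable" links it.
        find "$dir" -type f -name "$unit" -exec grep -EH '^(WantedBy|RequiredBy)=' {} + |
            sed 's/^/install   /'
    done
}

# Constructed sample tree (not copied from a real system) for an offline run.
build_sample() {
    mkdir -p "$1/system/basic.target.wants"
    printf '[Unit]\nDescription=IPv4 firewall\n[Install]\nWantedBy=basic.target\n' \
        > "$1/system/iptables.service"
    # Hypothetical unit that pulls the firewall in via Wants=
    printf '[Unit]\nWants=network.target iptables.service\n' \
        > "$1/system/example-fw.service"
    # Near-miss: ip6tables.service must NOT be reported for iptables.service
    printf '[Unit]\nRequires=ip6tables.service\n' > "$1/system/other.service"
    ln -s ../iptables.service "$1/system/basic.target.wants/iptables.service"
}

# Demo on the constructed tree. On a real host the call would be:
#   who_starts iptables.service /etc/systemd /lib/systemd
demo=$(mktemp -d) && build_sample "$demo" && who_starts iptables.service "$demo"
rm -rf "$demo"
```

This only covers static unit-file dependencies; activation over D-Bus, mentioned above, leaves no trace in these directories.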
