iptables-restore hang during system boot
This is a discussion on iptables-restore hang during system boot within the Linux Networking forums, part of the Linux Forums category; -------- SUMMARY -------- OS: * Fedora Core 3 (kernel 2.6) Files involved: * /etc/sysconfig/iptables * /sbin/iptables-restore Issues: * iptables setup during ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-17-2005
|
|||
|
|||
iptables-restore hang during system boot
-------- SUMMARY --------
OS: * Fedora Core 3 (kernel 2.6) Files involved: * /etc/sysconfig/iptables * /sbin/iptables-restore Issues: * iptables setup during system boot hangs * nat table -------- THE STORY -------- I have recompiled the kernel disabling IP routing. Now iptables lacks the nat table. iptables-save's output lists no nat table: # Generated by iptables-save v1.2.11 on Tue May 17 09:17:49 2005 *mangle :PREROUTING ACCEPT [13:11993] :INPUT ACCEPT [13:11993] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [61:382696] :POSTROUTING ACCEPT [6:11120] [...rules...] COMMIT # Completed on Tue May 17 09:17:49 2005 # Generated by iptables-save v1.2.11 on Tue May 17 09:17:49 2005 *filter :INPUT DROP [6:468] :FORWARD DROP [0:0] :OUTPUT DROP [55:371576] [...rules...] COMMIT # Completed on Tue May 17 09:17:49 2005 This is fine. -------- THE PROBLEM -------- But now the system hangs during boot on "Starting firewall...". This is when the script /etc/init.d/iptables executes iptables-restore trying to read firewall rules from /etc/sysconfig/iptables (where iptables-save's output is stored). It recovers, in fact, but after 20 minutes or so. I didn't watch that long and don't know what happens. Then the firewall seems to be properly configured. -------- DIAGNOSTICS AND ATTEMPTS TO SOLVE -------- I used the --verbose option to iptables-restore during system boot: # Generated by iptables-save v1.2.11 on Tue May 17 09:17:49 2005 Flushing chain `PREROUTING' Flushing chain `INPUT' Flushing chain `FORWARD' Flushing chain `OUTPUT' Flushing chain `POSTROUTING' # Completed on Tue May 17 09:17:49 2005 # Generated by iptables-save v1.2.11 on Tue May 17 09:17:49 2005 Flushing chain `INPUT' Flushing chain `FORWARD' Flushing chain `OUTPUT' [Hang here, expected this line:] # Completed on Tue May 17 09:17:49 2005 After system is booted the same script (/etc/init.d/iptables start) seems to work fine. -------- HELP NEEDED -------- Any ideas on what's going on in iptables-restore then? I guess I must be having something misconfigured, but what? Thanks! -- http://www.nglogic.com Enter through the narrow gate! (Mt 7:13-14) 
|
Linear Mode
