LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 06-11-2013, 01:01 AM   #1
timl
Member
 
Registered: Jan 2009
Location: Sydney, Australia
Distribution: Fedora,CentOS
Posts: 333

Rep: Reputation: 46
iptables/pidora


Hi, I have noticed that my iptables rules are lost whenever I reboot my Pi. Maybe this is because I do a iptables-save but not an iptables-restore after a reboot.

So I did an iptables-save to the file /etc/sysconfig/iptab.config. I was a bit concerned when I dumped the contents of this file. Lots of rules in there I was not aware of. If you take port 631 which I think is TCP related, I have never added a rule which is borne out by the "iptables -L" command. However, when I look in iptab.config I see this port in 3 places.

Quote:
[root@pihat Downloads]# iptables -L | grep 631
[root@pihat Downloads]# cat /etc/sysconfig/iptab.config | grep 631
-A IN_ZONE_home_allow -p udp -m udp --dport 631 -m conntrack --ctstate NEW -j ACCEPT
-A IN_ZONE_internal_allow -p udp -m udp --dport 631 -m conntrack --ctstate NEW -j ACCEPT
-A IN_ZONE_work_allow -p udp -m udp --dport 631 -m conntrack --ctstate NEW -j ACCEPT
[root@pihat Downloads]#
So I am a bit concerned that rules I didn't define are in a file I propose to use for "iptables-restore"

Can someone pls confirm then
  1. Define Iptables rules
  2. iptables-save > filename
  3. reboot
  4. iptables-restore < filename

is that about it?

Thanks
 
Old 06-11-2013, 08:42 AM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328Reputation: 328Reputation: 328Reputation: 328
There should be no reason to save / restore the iptables configuration; it is kept in /etc/sysconfig/iptables which is reloaded when the iptables service starts.

Make sure you are configuring the firewall correctly, per the documentation. Also, make sure the firewall is set to start on boot:

Code:
sudo systemctl enable iptables.service
sudo systemctl start iptables.service
 
Old 06-13-2013, 05:29 PM   #3
timl
Member
 
Registered: Jan 2009
Location: Sydney, Australia
Distribution: Fedora,CentOS
Posts: 333

Original Poster
Rep: Reputation: 46
I had a read through the doco you provided but I think my problem is more fundamental. I have just rebooted and these are the first commands I type:
Quote:
[tim@pihat ~]$ ps -ax | grep iptables
773 pts/0 S+ 0:00 grep --color=auto iptables
[tim@pihat ~]$ su
Password:
[root@pihat tim]# iptables -L | grep 413
[root@pihat tim]# /sbin/iptables -I INPUT -p tcp --destination-port 51413 -j ACCEPT
[root@pihat tim]# /sbin/iptables -I INPUT -p udp --destination-port 51413 -j ACCEPT
[root@pihat tim]# service iptables restartRedirecting to /bin/systemctl restart iptables.service
[root@pihat tim]# iptables -L | grep 413ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51413
[root@pihat tim]#
Now I reboot and this is what I see:

Quote:
[tim@pihat ~]$ ps -ax | grep iptables
773 pts/0 S+ 0:00 grep --color=auto iptables
[tim@pihat ~]$ iptables -L | grep 413
iptables v1.4.16.2: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
[tim@pihat ~]$ sudo iptables -L | grep 413
[sudo] password for tim:
[tim@pihat ~]$
So iptables is up and running after a reboot. My rules are not present.
  1. I enter my rules, check they are present and restart iptables
  2. reboot
  3. the rules have disappeared
  4. reenter rules
  5. reboot
  6. the rules have disappeared

This is what I have always done in Fedora/Centos but rules don't disappear!So I am wondering whether this is a Pi quirk!
 
Old 07-19-2013, 03:17 PM   #4
leoboulton
LQ Newbie
 
Registered: Jul 2013
Posts: 1

Rep: Reputation: Disabled
I ran into the same issue with my pidora. I realized that Pidora (because it is a "recent" fedora distro) runs firewalld for security handling, as well. And it appears as it overwrites or preempts iptables at boot time.
For normal iptables, edits and add entries must be saved /etc/sysconfig/iptables file, via the save command
Quote:
/sbin/service iptables save
/sbin/service iptables save
You'll see that the file is created and edited; but after reboot it isn't getting the changes either.

Check firewalld and firewall-cmd... to see if it's enabled do:
Code:
[root@pi ~]# systemctl status firewalld.service 
firewalld.service - firewalld - dynamic firewall daemon
          Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
          Active: active (running) since Fri, 2013-05-17 14:48:00 EDT; 2 months and 2 days ago
        Main PID: 133 (firewalld)
          CGroup: name=systemd:/system/firewalld.service
                  └ 133 /usr/bin/python /usr/sbin/firewalld --nofork
To show which services/ports are enabled via firewalld use
Code:
[root@pi ~]# firewall-cmd --list-services
mdns dhcpv6-client ssh
[root@pi ~]#
An example to permanently accept http and https sessions thru the "Public" zone (which in my case is eth0), you have to run:
Code:
[root@pi ~]# firewall-cmd --zone=public --add-service=https --permanent
[root@pi ~]# firewall-cmd --zone=public --add-service=http --permanent
See if that helps, it worked for me.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Pidora: The Raspberry Pi Fedora remix LXer Syndicated Linux News 0 05-31-2013 11:50 AM
[SOLVED] Pidora/transmission timl Linux - General 0 05-24-2013 08:45 AM
Fedora Project Announces Pidora Remix for Raspberry Pi jeremy Linux - News 0 05-23-2013 11:17 AM
LXer: Raspberry Pis Fedora becomes Pidora LXer Syndicated Linux News 0 05-23-2013 04:20 AM


All times are GMT -5. The time now is 04:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration