Linode Forum
https://forum.linode.com/

iptables won't restore on reboot ?
https://forum.linode.com/viewtopic.php?f=19&t=7659

Author:  romy [ Tue Aug 30, 2011 11:29 pm ]
Post subject:  iptables won't restore on reboot ?

This is my /etc/network/interfaces (sans IPs):

Code:
auto lo
iface lo inet loopback

auto eth0

iface eth0 inet static
 address ...
 netmask ...
 gateway ...
 pre-up iptables-restore < /etc/iptables.saved


Didn't want to paste my iptables.saved, but suffice it to say that if I run iptables-restore < /etc/iptables.saved manually at any point after reboot, it restores the correct rules.

Asked Linode for help, they referred me to forums :/

Author:  db3l [ Wed Aug 31, 2011 12:14 am ]
Post subject: 

What if you replace "pre-up" with up/post-up? Perhaps your rules have some interface-specific parameters that won't work if your interface is still down?

-- David

Author:  romy [ Wed Aug 31, 2011 12:36 am ]
Post subject: 

db3l wrote:
What if you replace "pre-up" with up/post-up? Perhaps your rules have some interface-specific parameters that won't work if your interface is still down?

-- David


Ooh, I like where you're going w/ this, will try it (can't reboot production box, though). Is there a set of rules I should look for off the top of your head ?

And is there a difference between up and (EDIT) post-up ?

Author:  db3l [ Wed Aug 31, 2011 1:02 am ]
Post subject: 

romy wrote:
Ooh, I like where you're going w/ this, will try it (can't reboot production box, though). Is there a set of rules I should look for off the top of your head ?

Look for "-i <interface>" in the rules, for example.

Quote:
And is there a difference between up and (EDIT) post-up ?

I think they're synonymous.

In terms of testing, you could always spin up a test Linode just long enough to test. Copy over your iptables save file from the production box and do a few tests on it. You could also try installing the rules while on the console with eth0 still down.

-- David
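
The check suggested above (looking for "-i <interface>" in the saved rules) can be scripted against a copy of the save file. This is an added example, not part of any post in the thread; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# iface_rules FILE: print "line<TAB>table<TAB>interface<TAB>rule" for each
# rule in an iptables-save file that matches on -i or -o.
iface_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i != "-i" && $i != "-o" &&
                    $i != "--in-interface" && $i != "--out-interface")
                    continue
                ifc = $(i + 1)
                if (ifc == "!" && i + 2 <= NF)    # old-style "-i ! eth0"
                    ifc = $(i + 2)
                printf "%d\t%s\t%s\t%s\n", NR, table, ifc, $0
            }
        }
    ' "$1"
}

# iface_names FILE: distinct interface names referenced, sorted.
iface_names() {
    iface_rules "$1" | cut -f3 | sort -u
}

# write_sample FILE: constructed ruleset, not the poster's file.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
iface_rules "$sample"
rm -f "$sample"
```

On a test machine, `iptables-restore --test < /etc/iptables.saved` parses the file without committing it, which separates a syntax problem in the file from a boot-ordering problem.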

Author:  romy [ Thu Sep 01, 2011 10:14 am ]
Post subject: 

Yup, definitely had a bunch of -i rules in the file. I'll give it a test soon.

Thanks!

All times are UTC-04:00