None of iptables persistent methods working

Saturnus
Posts: 2
Joined: Fri Jun 14, 2019 10:44 pm

Post by Saturnus » Fri Jun 14, 2019 10:47 pm

I need

iptables -P FORWARD ACCEPT
soon after boot. Which does work manually.

None of the possible automated methods is working.
Not working: Execute after network goes up via e.g. /etc/network/if-up.d/iptables
Not working: iptables-persistent (https://www.thomas-krenn.com/en/wiki/Sa ... ermanently)
Not working: /etc/init (https://askubuntu.com/questions/814/how ... n-start-up)
Not working: rc.local (https://linuxtechlab.com/executing-comm ... at-reboot/)
Not working: crontab (https://linuxtechlab.com/executing-comm ... at-reboot/)

Satanic...

How to get this working?
I am using Docker, and Docker is adjusting iptables, but executing a command can't be that hard, right?

MichaIng
Site Admin
Posts: 1870
Joined: Sat Nov 18, 2017 5:21 pm

Re: None of iptables persistent methods working

Post by MichaIng » Thu Jun 20, 2019 6:01 pm

@Saturnus
  1. Did you try to set it manually and check back if it got applied: iptables -P FORWARD ACCEPT; iptables -L FORWARD
  2. If Docker configures iptables, did you verify that it does not either overwrite previous rules or it must be set somehow from within Docker to be effective there? Sorry I am not too experienced with Docker ;).
  3. To debug, disable Docker autostart (echo '- docker' >> /DietPi/dietpi/.dietpi-services_include_exclude), use /etc/network/if-up.d/iptables (makes most sense IMO), assure that it has a proper shebang: #!/bin/dash will work best for this simple command.
  4. Check if run-parts would even run the script: run-parts --test /etc/network/if-up.d
  5. Check if the result is as expected: run-parts -v /etc/network/if-up.d
  6. Check if ifup triggers it similarly: ifdown eth0; sleep 1; ifup eth0 (Replace "eth0" with the correct interface)
  7. Do a reboot, check if interface is brought up as expected and iptables rules state applied: ip a; iptables -L FORWARD
  8. Then compare result with Docker enabled: sed -i '/- docker/d' /DietPi/dietpi/.dietpi-services_include_exclude
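
The checks behind steps 3 to 5, as an added shell example that is not part of the original post: it tests the conditions under which Debian's run-parts will run a hook file (a name made only of letters, digits, underscores and hyphens, the executable bit, and a shebang pointing at an existing interpreter). The function name check_hook is hypothetical, and the script never executes the hook or touches iptables.

```shell
#!/bin/sh
# Added example; check_hook is a hypothetical helper name.
# check_hook FILE: report why run-parts would skip a hook script.
# Returns 0 when every check passes, 1 otherwise. Does not run the hook.
check_hook() {
    f=$1
    rc=0
    name=$(basename "$f")
    # Debian run-parts (default mode) only runs files whose names consist
    # of A-Z a-z 0-9 _ and -; "iptables.sh" would be skipped silently.
    case $name in
        ''|*[!A-Za-z0-9_-]*)
            echo "FAIL name: '$name' is not accepted by run-parts"; rc=1 ;;
    esac
    if [ ! -f "$f" ]; then
        echo "FAIL missing: $f"
        return 1
    fi
    # run-parts also skips files without the executable bit.
    [ -x "$f" ] || { echo "FAIL mode: $f is not executable"; rc=1; }
    # The first line must be a shebang naming an existing interpreter.
    first=$(head -n 1 "$f")
    case $first in
        '#!'*)
            interp=${first#??}      # drop the leading "#!"
            interp=${interp# }      # drop one optional space
            interp=${interp%% *}    # drop interpreter arguments
            [ -x "$interp" ] || { echo "FAIL shebang: $interp not found"; rc=1; } ;;
        *)
            echo "FAIL shebang: first line does not start with #!"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK $f"; fi
    return "$rc"
}

# Check the hooks given as arguments, e.g. /etc/network/if-up.d/iptables
for hook in "$@"; do
    check_hook "$hook" || true
done
```

run-parts --test from step 4 remains the authoritative answer; this only names the reason when a file is missing from its output.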

Saturnus
Posts: 2
Joined: Fri Jun 14, 2019 10:44 pm

Re: None of iptables persistent methods working

Post by Saturnus » Tue Jun 25, 2019 11:16 am

MichaIng wrote:
Thu Jun 20, 2019 6:01 pm
@Saturnus
Thank you for the reply. I will look at this a bit later as more urgent IT and other matters appeared these days.
