[Firewall] Something about v1.9.2j

Dmitry pmf026 at int13.ru
Wed Mar 3 14:18:48 CET 2010


Fw started after... well I didn't bring down interfaces.. it's a working 
server. I wanted to upgrade as seamlessly as possible, no one even noticed 
it.. I didn't bring down interfaces, nor did I reboot this machine..
I ran the uninstall script, and installed a new one, made changes to config 
and just restarted fw (/etc/init.d/arno-iptables-firewall restart) 
that's all.

I forgot to mention that there are indeed interfaces that do not exist 
yet... like ppp0, ppp1, ppp3.....ppp10.  so, it's normal script 
behavior.. but not about those ifaces I was talking about (eth0, eth1, 
eth2 - these are always up, and ppp25 will not appear if eth0 is down 
for example)


Arno van Amersfoort wrote:
> This all looks ok. No worries about the UNKNOWN things. But again: I 
> think your problem is the fact that your firewall is started before 
> the network interfaces are brought up. I recently changed this in the 
> install-script, so re-running it should fix the problem....
>
> a.
>
> Dmitry wrote:
>>
>> Here's my 'ip link show':
>>
>> where eth0 is my ISP's LAN (external net), eth1 is my LAN (internal 
>> net), eth2 is DMZ (my wlan) and ppp25 is internet (via eth0, external)
>>
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
>>     link/ether 00:80:48:4e:28:27 brd ff:ff:ff:ff:ff:ff
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
>>     link/ether 00:80:48:4e:27:fb brd ff:ff:ff:ff:ff:ff
>> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
>>     link/ether 00:50:fc:c1:5e:00 brd ff:ff:ff:ff:ff:ff
>> 229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UNKNOWN qlen 3
>>     link/ppp
>>
>> Weird. Link state "UNKNOWN" I don't get it...why? any help will be 
>> appreciated.. I think some module is missing... it's been running like 
>> this for almost 4 or 5 years xD
>>
>> I'm running GNU/Linux Debian Lenny 5.0 (2.6.26-2-686).
>>
>>
>> Arno van Amersfoort wrote:
>>> Thanks for reporting the uninstall bug. I've fixed it.
>>>
>>> About the non existing interface errors. Mind posting the output of 
>>> "ip link show" ?
>>>
>>> Are you sure the firewall is started AFTER the network has been 
>>> brought up?
>>>
>>> And about the space/comma thing in variables. Most of the time both 
>>> work. Rule of thumb is that space separation should be used when 
>>> you want to group certain rules when using eg. interface 
>>> restrictions (which most ppl don't). For variables that only take 
>>> interfaces both spaces & commas are fine.
>>>
>>> a.
>>>
>>>
>>> Dmitry wrote:
>>>> Ok, I've upgraded from v1.9.2a to the latest build..
>>>>
>>>> Uninstall.sh has mistaken Y/N answers.. so No = Yes, and Yes = 
>>>> No... Do you want to uninstall? I press Y, and script takes it as No.
>>>>
>>>>
>>>> and when I run the script I see this:
>>>>
>>>> *************
>>>> Arno's Iptables Firewall Script v1.9.2j
>>>> ------------------------------------------------------------------------------- 
>>>>
>>>> Sanity checks passed...OK
>>>> NOTE: External interface eth0 does NOT exist (yet?)
>>>> NOTE: External interface ppp25 does NOT exist (yet?)
>>>> NOTE: Internal interface eth1 does NOT exist (yet?)
>>>> NOTE: DMZ interface eth2 does NOT exist (yet?)
>>>>
>>>> *************
>>>>
>>>> But all those interfaces are up and running. Everything is working 
>>>> well, but it's a little bit confusing...
>>>>
>>>> And a question, sometimes it says (in comments) that multiple 
>>>> interfaces should be space separated and sometimes comma 
>>>> separated... which separation method should I use?
>>>>
>>>> Thank you.
>>>>
>>>> Sincerely yours,
>>>> Dmitry.
>>>>
>>>> _______________________________________________
>>>> Firewall mailing list
>>>> Firewall at rocky.eld.leidenuniv.nl
>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>>> http://rocky.eld.leidenuniv.nl
>>>>
>>>
>>
>
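A stand-alone way to cross-check the "does NOT exist (yet?)" notes against what the kernel reports, as an added example that is not part of the original thread or of arno-iptables-firewall: it looks each configured name up in `ip link show` output and keys on the `UP` flag rather than the `state` field, which reads UNKNOWN for every interface in the output quoted above. The function names and the `eth3` sample line are constructed for illustration; the interface list may be space or comma separated.

```shell
#!/bin/sh
# Added example (not part of arno-iptables-firewall).
# Constructed sample: first line of each interface from the 'ip link show'
# output quoted in the thread, plus one invented down interface (eth3).
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UNKNOWN qlen 3'

# iface_status LINK_OUTPUT NAME -> prints "up", "down" or "missing".
# Only lines that start with "<index>: " are interface headers; the indented
# link/ether lines of real 'ip link show' output are skipped.
iface_status() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[0-9]+: / {
            name = $2
            sub(/:$/, "", name)     # strip the trailing colon
            sub(/@.*/, "", name)    # strip "@parent" on VLAN-style names
            if (name == want) {
                flags = $3
                gsub(/[<>]/, "", flags)
                # Match the UP flag exactly; LOWER_UP alone must not count.
                print ((("," flags ",") ~ /,UP,/) ? "up" : "down")
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }'
}

# check_ifaces LINK_OUTPUT LIST -> one "name status" line per interface.
# LIST may mix spaces and commas. Returns 1 if any interface is not up.
check_ifaces() {
    rc=0
    for ifc in $(printf '%s' "$2" | tr ',' ' '); do
        st=$(iface_status "$1" "$ifc")
        echo "$ifc $st"
        [ "$st" = "up" ] || rc=1
    done
    return $rc
}

# Demo on the sample; for a live check pass "$(ip link show)" instead.
check_ifaces "$SAMPLE_IP_LINK" "eth0,ppp25 eth1,eth2 eth3 ppp0" || echo "not all interfaces are up"
```
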


