Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 26486

Summary: different file names for FireHOL and iptables-{save,restore} in /var/lib/iptables
Product: Gentoo Linux Reporter: Steffen Lassahn <lassahn>
Component: Current packagesAssignee: Martin Holzer (RETIRED) <mholzer>
Status: RESOLVED FIXED    
Severity: minor CC: blizzy-keyword-gentoo_bugs3.075080, paul
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 26762, 31052    
Bug Blocks:    

Description Steffen Lassahn 2003-08-12 08:41:59 UTC 
After creating an iptables configuration with FireHOL I want to save it to have
it autoload whenever the machine boots. FireHOL saves it in
/var/lib/iptables/autosave. /etc/init.d/iptables tries to load the rules from
/var/lib/iptables/rules-save (as configured in /etc/conf.d/iptables) but of
course does not find it.

Reproducible: Always
Steps to Reproduce:
1. Create iptables config with FireHol
2. Save config with FireHol
3. "rc-update add iptables boot"
4. Reboot

Actual Results:  
Error message from /etc/init.d/iptables about no config found

Expected Results:  
Load my config

Three ideas for a solution:

1. Patch FireHol to create softlink in /var/lib/iptables from autosave to
rules-save when saving config
2. Enhance /etc/init.d/iptables to look in multiple places for the config file
and then add autosave at installation of FireHOL
3. Patch FireHOL to write to rules-save instead of autosave
Comment 1 Steffen Lassahn 2003-08-12 09:04:11 UTC 
OK, after looking around a little more I found a fourth method to solve the problem which is to patch FireHOL and set FIREHOL_AUTOSAVE to /var/lib/iptables/rules-save.
Comment 2 Paul Harrington 2003-08-13 03:00:34 UTC 
What about modifying /etc/conf.d/iptables to:

IPTABLES_SAVE="/var/lib/iptables/autosave"
Comment 3 Steffen Lassahn 2003-08-14 06:01:49 UTC 
I don't know, that might break other things that are depending on the name rules-save.
Comment 4 phceac 2003-08-31 09:38:43 UTC 
A workaround is to set up your firewall with firehol, and then do :
> /etc/init.d/iptables save

This saves whatever is the current iptables setup, which is then restored on boot (if you've added iptables to boot)
Comment 5 Maik Schreiber 2003-10-13 11:08:46 UTC 
FireHOL 1.159 takes care of Gentoo by sourcing /etc/conf.d/iptables. So,
this bug can be closed as soon as 1.159 is in Portage.
Comment 6 Martin Holzer (RETIRED) gentoo-dev 2003-10-13 11:53:01 UTC 
closing with bug #31052