First, sorry for my poor English, I hope you will understand me.
I have some trouble using iptables-persistent with rules that contain a URL inside, but only when the machine starts:
What I have done:
apt-get install iptables-persistent (here, no problem ^^ )
Next, I create my rules file:
nano /etc/iptables/rules.v4
If I just put some rules like this, I have no problem:
Code:
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
#ICMP
-A INPUT -p icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
#DNS
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
#NTP
-A OUTPUT -o eth0 -d 192.168.200.1 -p udp --dport 123 -j ACCEPT
Even if I reboot the computer, iptables -L is OK.
BUT: when I add some rules with URLs, like:
Code:
-A OUTPUT -o eth0 -d ftp.fr.debian.org -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -d security.debian.org -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -d security-cdn.debian.org -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -d database.clamav.net -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -d db.local.clamav.net -p tcp --dport 80 -j ACCEPT
But when I restart the computer, the rules are not loaded, and there is an error in /var/log/syslog:
Code:
Jul 6 11:52:10 machinetest systemd[1]: Starting netfilter persistent configuration...
Jul 6 11:52:10 machinetest netfilter-persistent[341]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Jul 6 11:52:10 machinetest netfilter-persistent[341]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 2
Jul 6 11:52:10 machinetest netfilter-persistent[341]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 6 11:52:10 machinetest netfilter-persistent[341]: Warning: skipping IPv6 (no rules to load)
Jul 6 11:52:10 machinetest systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 6 11:52:10 machinetest systemd[1]: Failed to start netfilter persistent configuration.
Jul 6 11:52:10 machinetest systemd[1]: netfilter-persistent.service: Unit entered failed state.
Jul 6 11:52:10 machinetest systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Code:
### BEGIN INIT INFO
# Provides: netfilter-persistent
# Required-Start: mountkernfs $all
# Required-Stop: $remote_fs
# Default-Start: S
# Default-Stop: 0 1 6
# Short-Description: Load boot-time netfilter configuration
# Description: Loads boot-time netfilter configuration
### END INIT INFO
The only thing that works is to add a cron task:
Code:
@reboot /etc/init.d/netfilter-persistent restart
Hope you understand me, and maybe you will have an idea.
Regards,
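The symptom above (the rules with IP addresses load at boot, the rules with hostnames make the 15-ip4tables plugin exit with code 2) is what happens when iptables-restore has to resolve a name before the resolver or the network is up. A check that does not depend on name resolution at all is to lint the rules file for -s/-d arguments that are not IPv4 literals, so the DNS-dependent rules are found before the next reboot. The script below is an added example written for this thread, not code from the poster or from the netfilter-persistent package; the function names find_hostname_rules and is_ipv4_literal and the constructed sample file are my own, and it assumes IPv4-only rules in iptables-save format (an IPv6 literal would be reported as a hostname).

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of iptables-persistent):
# report every -s/-d argument in an iptables-restore rules file that is a
# hostname rather than an IPv4 literal, i.e. a rule that will need DNS when
# netfilter-persistent runs at boot.

# Return 0 when $1 is a dotted-quad IPv4 address or CIDR prefix, 1 otherwise.
is_ipv4_literal() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print each hostname used with -s/--source or -d/--destination in the rules
# file given as $1, one per line. Exit status 0 when no hostname was found,
# 1 when at least one rule depends on name resolution.
find_hostname_rules() {
    rules_file=$1
    found=0
    set -f                      # no globbing while we word-split rule lines
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*|'*'*|':'*|COMMIT) continue ;;   # blank, comment, table, chain policy, COMMIT
        esac
        set -- $line            # split the rule into its arguments
        while [ $# -gt 1 ]; do
            case "$1" in
                -s|--source|-d|--destination)
                    if ! is_ipv4_literal "$2"; then
                        printf '%s\n' "$2"
                        found=1
                    fi
                    shift ;;
            esac
            shift
        done
    done < "$rules_file"
    set +f
    return $found
}

# Usage: sh lint-rules.sh /etc/iptables/rules.v4
if [ $# -gt 0 ]; then
    find_hostname_rules "$1"
fi
```

Run against the second rules file from the post, the script prints ftp.fr.debian.org, security.debian.org and the other three names and exits 1; against the first file it prints nothing and exits 0. iptables-restore --test would also parse the file, but it resolves names while doing so, so it passes on the running system and only fails at boot, which is exactly the gap this resolution-free check closes.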