iptables rules disappearing!!!

To:	netfilter@lists.netfilter.org
Subject:	iptables rules disappearing!!!
From:	Покотиленко Костик <casper@meteor.dp.ua>
Date:	Tue, 23 Jan 2007 10:46:24 +0200
Cc:	lartc@mailman.ds9a.nl
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization:	СК "Метеор"
Reply-to:	casper@meteor.dp.ua
Sender:	netfilter-bounces@lists.netfilter.org

To:

netfilter@lists.netfilter.org

Subject:

iptables rules disappearing!!!

From:

Покотиленко Костик <casper@meteor.dp.ua>

Date:

Tue, 23 Jan 2007 10:46:24 +0200

Cc:

lartc@mailman.ds9a.nl

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

netfilter-list1@securepoint.com

List-archive:

</pipermail/netfilter>

List-help:

<mailto:netfilter-request@lists.netfilter.org?subject=help>

List-id:

General discussion and user questions <netfilter.lists.netfilter.org>

List-post:

<mailto:netfilter@lists.netfilter.org>

List-subscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>

List-unsubscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>

Organization:

СК "Метеор"

Reply-to:

casper@meteor.dp.ua

Sender:

netfilter-bounces@lists.netfilter.org

Hi all.

I have got to see a strange thing. Some of my iptables' rules are
disaprearing after several days!!!

I have many rules like:

# iptables -t mangle -A $MYCHAIN -s $SRC_IP -d $DST_IP -j MARK
--set-mark $MARK

for classifying traffic for shaping, total about 100 rules with
different 20 marks, and rules like

# iptables -A FORWARD -m mark --mark $MARK

for accounting shaping classes, total 20 rules (for all marks). The are
also many other filtering and nat rules.

Some of the mark rules in FORWARD chain are disapearing after several
days. How can this happen? Can this happen without user intrusion?

Considering that all those rules are inserted during boot by
iptables-restore. I double checked that during ppp up/down rules
inserted/removed only in "-t mangle", "-t nat" and "-A USERCHAIN".

System: Debian Sarge, 2.6.8-3-k7, iptables v1.2.11

-- 
Покотиленко Костик <casper@meteor.dp.ua>

<Prev in Thread]	Current Thread	[Next in Thread>
iptables rules disappearing!!!, Покотиленко Костик <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	determine internet connection duration, Ming-Ching Tiew
Next by Date:	Re: problem with hostB wifi0 -> aDSL modem wifi0 -> hostA wifi0 -> hostA eth0 -> hostA ppp0 -> aDSL modem bridge --- Not MASQUERADEing..., unauthorized
Previous by Thread:	determine internet connection duration, Ming-Ching Tiew
Next by Thread:	netfilter_queue: how to obtain address info from queued packet, Michal Martinek
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

determine internet connection duration, Ming-Ching Tiew

Next by Date:

Re: problem with hostB wifi0 -> aDSL modem wifi0 -> hostA wifi0 -> hostA eth0 -> hostA ppp0 -> aDSL modem bridge --- Not MASQUERADEing..., unauthorized

Previous by Thread:

determine internet connection duration, Ming-Ching Tiew

Next by Thread:

netfilter_queue: how to obtain address info from queued packet, Michal Martinek

Indexes:

[Date] [Thread] [Top] [All Lists]