Hi Kyros,

> I think that it works only for a few minutes because
> /etc/fonestated/FWallDeamon begins flushing input_daemon chain.

Seems Pomero is right here. FWallDeamon flushes and refills the input_daemon chain. It is called by /etc/firewall.fon, but also separately from fonstated, breaking your rule.

> Maybe you could try to declare your service in /etc/config/services adding
> something like:
>
> config service myhttpd
>         option path "/pathto/yourHttpd"
>         option order 16
>         option name "MyWeb"
>         option fwall 1
>         list tcp_port 8080
>
> instead of adding a firewall.user file with custom iptables directives.

This is probably a good idea, it is the most elegant way of doing this. Not sure if this survives upgrades, but I guess the firewall.user option won't either.

Alternatively, you could try the firewall.user approach but add the rule to the "input_rule" chain instead of "input_daemon". AFAICS, this chain is only touched by /etc/firewall.fon, so it should remain working.

Gr.

Matthijs

_______________________________________________
Development mailing list
[email protected]
http://fonosfera.org/mailman/listinfo/development
