Bug#892951: iptables rules loaded via iptables-restore ....rules.v4 are dropped every few minutes.

2018-12-28 Thread Arturo Borrero Gonzalez
On Wed, 14 Mar 2018 12:39:38 -0700 "g.smyli"  wrote:
> Package: iptables
> Version: 1.6.0+snapshot20161117-6
> Severity: normal
> 
> Dear Maintainer,
> 
> *** Reporter, please consider answering these questions, where appropriate ***
> 
>    * What led up to the situation?
> I believe the problem existed after fresh netinstall of Debian Stretch with
> xfce desktop but I am not sure exactly when I began to notice iptables
> problem. I added skolelinux desktop which took over boot but is still xfce
> so I didn't mind. Being rather security conscious I'm sure I would setup
> iptables with rules right away.
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
> I made rules for iptables. I noticed I had problems loading the rules up at
> boot. Tried netfilter-persistent, tried a script in rc.local maybe a couple
> of other efforts (installed apf, uninstalled apf netfilter-persistent,
> reinstall iptables and netfilter-persistent...) most things I tried usually
> worked for a few boots but would then randomly fail. The most dependable
> thing I have found is to be disconnected from the network by default and
> place a preprocessing iptables startup script in wicd which loads the rules
> before network is brought up. Eventually I discovered the loaded rules would
> disappear after a few minutes. This happens whether I am browsing the
> internet or not or in fact not doing anything.
> I just tried to gdebi the latest package iptables_1.6.1-2~bpo9+1_amd64.deb
> but that was uninstallable due to an incompatible library.
>
>    Required outcome is of course to load the rules and depend on them to be
> stable.
> 
> 

mmm iptables can't automatically delete rules. There should be something
else deleting the rules or messing with the firewall (your own rc.local
script, or netfilter-persistent, perhaps?).

Anyway, that's not a bug in iptables itself.

Thanks for reporting the issue though!



Bug#892951: iptables rules loaded via iptables-restore ....rules.v4 are dropped every few minutes.

2018-03-14 Thread g.smyli
Package: iptables
Version: 1.6.0+snapshot20161117-6
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
I believe the problem existed after fresh netinstall of Debian Stretch with
xfce desktop but I am not sure exactly when I began to notice iptables
problem. I added skolelinux desktop which took over boot but is still xfce
so I didn't mind. Being rather security conscious I'm sure I would setup
iptables with rules right away.
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
I made rules for iptables. I noticed I had problems loading the rules up at
boot. Tried netfilter-persistent, tried a script in rc.local maybe a couple
of other efforts (installed apf, uninstalled apf netfilter-persistent,
reinstall iptables and netfilter-persistent...) most things I tried usually
worked for a few boots but would then randomly fail. The most dependable
thing I have found is to be disconnected from the network by default and
place a preprocessing iptables startup script in wicd which loads the rules
before network is brought up. Eventually I discovered the loaded rules would
disappear after a few minutes. This happens whether I am browsing the
internet or not or in fact not doing anything.
I just tried to gdebi the latest package iptables_1.6.1-2~bpo9+1_amd64.deb
but that was uninstallable due to an incompatible library.

   Required outcome is of course to load the rules and depend on them to be
stable.


Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iptables depends on:
ii  libc6                    2.24-11+deb9u3
ii  libip4tc0                1.6.0+snapshot20161117-6
ii  libip6tc0                1.6.0+snapshot20161117-6
ii  libiptc0                 1.6.0+snapshot20161117-6
ii  libnetfilter-conntrack3  1.0.6-2
ii  libnfnetlink0            1.0.1-3
ii  libxtables12             1.6.0+snapshot20161117-6

iptables recommends no packages.

Versions of packages iptables suggests:
ii  kmod  23-2

-- no debconf information
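
Following the maintainer's reply that something other than iptables must be removing the rules, here is an added example (not part of the original thread or of any Debian package) that compares the live `iptables-save` output with the saved rules file, ignoring packet counters, so the moment of the flush can be timestamped. The function names and the sample rulesets are constructed for illustration; the rules file path is passed as an argument.

```python
import re, subprocess, sys, time
COUNTERS = re.compile(r"\[\d+:\d+\]")  # packet/byte counters change constantly

def parse(dump):
    """Parse iptables-save text into {table: {"chains": {name: policy}, "rules": [...]}}."""
    tables, cur = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # "*filter" opens a table section
            cur = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif cur is not None and line.startswith(":"):
            name, policy = line[1:].split()[:2]   # ":INPUT DROP [0:0]"
            cur["chains"][name] = policy
        elif cur is not None:               # "-A ..." rule, optionally prefixed by counters
            cur["rules"].append(COUNTERS.sub("", line).strip())
    return tables

def drift(expected, live):
    """List what the rules file specifies that the live ruleset lacks."""
    want, have, out = parse(expected), parse(live), []
    for table, spec in want.items():
        got = have.get(table, {"chains": {}, "rules": []})  # table may be gone entirely
        for name, policy in spec["chains"].items():
            if got["chains"].get(name) != policy:
                out.append(f"{table}: chain {name} policy is {got['chains'].get(name)}, expected {policy}")
        out += [f"{table}: missing rule: {r}" for r in spec["rules"] if r not in got["rules"]]
    return out

# Constructed sample data (not taken from the bug report).
SAMPLE_FILE = """*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
SAMPLE_FLUSHED = """*filter
:INPUT ACCEPT [812:90412]
:OUTPUT ACCEPT [640:51200]
COMMIT
"""

# Usage (as root): python3 drift.py <path to the saved rules file>
if __name__ == "__main__":
    live = subprocess.run(["iptables-save"], capture_output=True, text=True, check=True).stdout
    for finding in drift(open(sys.argv[1]).read(), live):
        print(time.strftime("%Y-%m-%d %H:%M:%S"), finding)
```

Run at a short interval (for example from cron), the first timestamp that shows findings bounds when the rules were removed, which can then be compared against the system journal for whatever service or script ran at that time.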