
iptables - computer hangs


Erik Xavior

Apr 17, 2009, 4:00:12 AM
I have a simple iptables script.

If I put it in rc2.d, it runs at boot, works OK... but when I want to shut down OR restart the PC, it just hangs (I can see the shutdown button is still pressed). :S
I can only shut down the PC when I press Ctrl+Alt+Backspace.

if it helps, I can post my firewall script :(

thank you for any help or information :S

Javier Barroso

Apr 18, 2009, 1:30:39 PM
On Fri, Apr 17, 2009 at 9:56 AM, Erik Xavior <erikxa...@gmail.com> wrote:
> I have a simple iptables script.
>
> If I put it in rc2.d, it runs at boot, works OK.

Did you try to use your iptables script in post-up / pre-down hooks at
/etc/network/interfaces? I think it is the best solution for that.

Regards,



Erik Xavior

Apr 19, 2009, 2:50:05 PM
OK, my brain's dead. :)
It still doesn't work :D :\ :(

I'm using Debian Lenny, with GNOME

1) First I removed the network-manager, to be sure, it doesn't do anything:

apt-get remove --purge -y network-manager-gnome network-manager-openvpn-gnome network-manager-pptp-gnome network-manager-vpnc-gnome

then, I modified the interfaces file:

cat /etc/network/interfaces

My iptables script is this.

But my pc still "hangs", when I click at "shutdown" (I tried several times)

But!!: if I open a terminal under GNOME, and "su", then "shutdown -h now", then it shuts down OK.

Thank you for any help, and please say, if I did something wrong :S

Sthu Deus

Apr 20, 2009, 6:30:11 AM
Thank You for Your time and answer, Javier:

> Did you try to use your iptable script in post-up / pre-down hooks at
> /etc/network/interfaces ? I think it is the best solution for that

But I have to disagree w/ You - for once the network environment
changes that is, say the machine will be out of a net, then the file
running will cease on the interface initialization (or whatever) that
will end up with not started firewall at all - that can be dangerous in
cases of:

a) there are rules for internal programs communications (that is within
the machine);

b) if a modem connection will be established - the machine will be just
uncovered for the net (?Internet).

Personally, I advise the topic author to make a script, make it
running from some /etc/rcN.d, having small number after S. - Then the
firewall will be launched independently on what the current network
environment is. Disadvantage is there is a time between actual
interface initialization moment and the moment the iptables rules are
applied.

Please, correct me, if I'm wrong.
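
An init-style firewall script of the kind described in the post above, as an added example that is not part of the original thread or any poster's code. The rule set, the function names and the `show` action are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Rule set and names are assumptions.

# "start" rules in iptables-restore format. No physical interface is named,
# so they load with no network up and also cover a later modem link.
rules_start() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# "stop" rules: open policies and an empty filter table.
rules_stop() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Read a rule set on stdin, parse it with --test first, then load it.
# iptables-restore commits a table as a whole, so no half-applied state.
apply() {
    tmp=$(mktemp) || return 1
    cat >"$tmp"
    if iptables-restore --test <"$tmp"; then
        iptables-restore <"$tmp"; rc=$?
    else
        echo "rule set rejected, kernel tables unchanged" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

case "${1:-}" in
    start) rules_start | apply ;;
    stop)  rules_stop | apply ;;
    show)  rules_start ;;
    "")    ;;  # no action given: define the functions only
    *)     echo "Usage: $0 {start|stop|show}" >&2 ;;
esac
```

The loopback rule corresponds to case a) in the post and the interface-independent default DROP on INPUT to case b); `start` and `stop` need root, `show` only prints the rules.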

Javier Barroso

Apr 20, 2009, 9:40:11 AM

Seems like a GNOME bug?
As a last resort, I would add the '-x' option to #!/bin/sh and then see
where the server hangs... I know this is not the best option.

Regards,

Javier Barroso

Apr 20, 2009, 9:40:15 AM
On Mon, Apr 20, 2009 at 12:17 PM, Sthu Deus <sthu...@gmail.com> wrote:
> Thank You for Your time and answer, Javier:
>
>> Did you try to use your iptable script in post-up / pre-down hooks at
>> /etc/network/interfaces ? I think it is the best solution for that
>
> But I have to disagree w/ You - for once the network environment
> changes that is, say the machine will be out of a net, then the file
> running will cease on the interface initialization (or whatever) that
> will end up with not started firewall at all - that can be dangerous in
> cases of:
>
> a) there are rules for internal programs communications (that is within
> the machine);
>
> b) if a modem connection will be established - the machine will be just
> uncovered for the net (?Internet).

OK, it was only my suggestion; I don't have a strong opinion about it
(thanks for your time and opinion too).


>
> Personally, I advise the topic author to make a script, make it
> running from some /etc/rcN.d, having small number after S. - Then the
> firewall will be launched independently on what the current network
> environment is. Disadvantage is there is a time between actual
> interface initialization moment and the moment the iptables rules are
> applied.
>

I don't like to add a local init script to a Debian system. Perhaps
better to add the iptables rules to /etc/rc.local

Regards,

Thorny

Apr 20, 2009, 10:10:17 AM
On Sun, 19 Apr 2009 20:36:59 +0200, Erik Xavior posted:

>[...]

> 1) First I removed the network-manager, to be sure, it doesn't do
> anything:
>
> apt-get remove --purge -y network-manager-gnome
> network-manager-openvpn-gnome network-manager-pptp-gnome
> network-manager-vpnc-gnome
>

This looks to me like you removed the Gnome tray applet for NetworkManager
and other Gnome bits but not the network-manager package itself. Is that
what you were intending?

>[...]

Erik Xavior

Apr 20, 2009, 4:20:12 PM
Now I fully removed network manager:

apt-get remove --purge -y network-manager-gnome network-manager-openvpn-gnome network-manager-pptp-gnome network-manager-vpnc-gnome network-manager network-manager-openvpn network-manager-pptp network-manager-vpnc

because I read in forums, when I want to "use" the /etc/network/interfaces file, it's better to remove the network-manager

I tried putting a shutdown script in /etc/network/if-post-down.d/ but it doesn't help.
It's just a desktop machine, so it isn't very important.

I usually suspend my computer, that works very well, I get good uptimes :)
But if I want to shut down the PC, I have to click shutdown + press Ctrl+Alt+Backspace, OR
run /etc/init.d/networking stop before I click shutdown.