iptables causes sites to stop working [SOLVED]

Message

audiodef · Post by **audiodef** » Mon Jul 21, 2014 1:19 pm

I've been noticing that my sites stop working after a day or so. Restarting services one at a time to find the culprit, I found that my sites started working after restarting iptables:

Code: Select all

 * Flushing firewall rules iptables                                                                                          [ OK ] 
 * Setting chains to policy ACCEPT                                                                                                   raw nat mangle filter                                                                                                       [ OK ]
Unloading iptables moduleslibkmod: ERROR ../libkmod/libkmod-module.c:1619 kmod_module_new_from_loaded: could not open /proc/modules: No such file or directory
Error: could not get list of modules: No such file or directory
grep: /proc/modules: No such file or directory
libkmod: ERROR ../libkmod/libkmod-module.c:1619 kmod_module_new_from_loaded: could not open /proc/modules: No such file or directory
Error: could not get list of modules: No such file or directory
grep: /proc/modules: No such file or directory
                                                                                                                             [ OK ]
 * Applying iptables firewall rules

What's going on, and how should I fix it?

Sysa · Post by **Sysa** » Mon Jul 21, 2014 8:35 pm

Do you have modules enabled in your kernel?

audiodef · Post by **audiodef** » Mon Jul 21, 2014 8:55 pm

No, and I don't want to mess with the kernel because it's a hosted server. But I think the problem is I need to figure out which file I should edit to set IPTABLES_MODULES_UNLOAD to "no".

Post by Hu » Tue Jul 22, 2014 1:01 am

Usually the answer is the file of the same name in /etc/conf.d. However, my init scripts do not look like they could generate some of the output you posted. Are you using some system other than openrc?

audiodef · Post by **audiodef** » Tue Jul 22, 2014 1:44 pm

I found what I was looking for in /etc/init.d/iptables. I didn't think of it because I've always edited conf files, not init scripts. But it works now.

(Of course, it's going to get wiped out when iptables gets updated, but I'll just keep an eye out for it and make the change again when I need to.)

steveL · Post by **steveL** » Tue Jul 22, 2014 4:54 pm

audiodef wrote:I found what I was looking for in /etc/init.d/iptables. I didn't think of it because I've always edited conf files, not init scripts. But it works now.

(Of course, it's going to get wiped out when iptables gets updated, but I'll just keep an eye out for it and make the change again when I need to.)

I don't have that init.d file; what package is it from? qfile /etc/init.d/iptables as I'm sure you know.

If you can post the diff (and url of original file if you have it) then we could look to filing a bug once it's genericised. Though I'd like to check it's not something you can already do.

Post by **Chiitoo** » Tue Jul 22, 2014 5:56 pm

steveL wrote:I don't have that init.d file; what package is it from?

I do:

Code: Select all

$ equery b /etc/init.d/iptables
 * Searching for /etc/init.d/iptables ... 
net-firewall/iptables-1.4.21-r1 (/etc/init.d/iptables)

Here bee the file: Contents of /net-firewall/iptables/files/iptables-1.4.13-r1.init

steveL · Post by **steveL** » Thu Jul 24, 2014 3:51 pm

Chiitoo wrote:Here bee the file: Contents of /net-firewall/iptables/files/iptables-1.4.13-r1.init

Cheers Chiitoo :) Wow, that's.. rather "special" as USians say. Still we can clean that up in the mix. So what changes did you make to set IPTABLES_MODULES_UNLOAD to "no", audiodef?

iptables causes sites to stop working [SOLVED]

iptables causes sites to stop working [SOLVED]

Re: iptables causes sites to stop working