Iptables vs shorewall

solved

(JamesMillar) #1

I’ve been trying to uncover some anomalies with the servers and finally found the root cause. iptables on NethServer does not have the same rules as shorewall. In a number of circumstances, when someone has updated shorewall with their preferred settings and rules, one may encounter issues because iptables is still running and does not use the same rules as shorewall.

My current workaround is:

  1. disable and stop iptables from running altogether
  2. manually update iptables with the same rules as shorewall; this can be cumbersome and problematic for most if they are not familiar with iptables.

(Giacomo Sanchietti) #2

This should be resolved in the 6.7rc1 release since Shorewall is the default firewall and the CentOS iptables implementation is disabled by default.
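
An added example, not part of the thread and not NethServer's own code: a shell check for the condition discussed above, where the CentOS `iptables` init service and `shorewall` are both enabled at boot. It assumes the CentOS 6 `chkconfig --list` output format; the function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in the format printed by `chkconfig --list` on CentOS 6.
SAMPLE_CONFLICT='iptables   0:off 1:off 2:on 3:on 4:on 5:on 6:off
shorewall  0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd       0:off 1:off 2:on 3:on 4:on 5:on 6:off'

SAMPLE_FIXED='iptables   0:off 1:off 2:off 3:off 4:off 5:off 6:off
shorewall  0:off 1:off 2:on 3:on 4:on 5:on 6:off'

# Reads `chkconfig --list` text on stdin and prints the runlevels in which
# both iptables and shorewall are "on".
# Exit status: 1 if such a runlevel exists, 0 if the two never overlap.
firewall_overlap() {
    awk '
        $1 == "iptables" || $1 == "shorewall" {
            # Fields 2..NF look like "3:on" (runlevel:state).
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[2] == "on") enabled[$1 SUBSEP kv[1]] = 1
            }
        }
        END {
            out = ""; sep = ""
            for (rl = 0; rl <= 6; rl++) {
                a = "iptables" SUBSEP rl
                b = "shorewall" SUBSEP rl
                if ((a in enabled) && (b in enabled)) {
                    out = out sep rl
                    sep = " "
                }
            }
            if (out != "") { print out; exit 1 }
        }
    '
}

# Demonstration on the constructed sample; on a real host, pipe in the
# output of `chkconfig --list` instead.
printf '%s\n' "$SAMPLE_CONFLICT" | firewall_overlap >/dev/null ||
    echo "iptables and shorewall are both enabled at boot"
```

A non-empty result means the stock iptables service can still load its own saved rules at boot alongside Shorewall, which is the mismatch reported in post #1.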


(JamesMillar) #3

Good to hear. I’ll wait a bit before moving to that release.


(Alessio Fattorini) #4

@islipfd19 would you like to give a hand to our testing team?
There’s a lot of fun there:


Clearly, not in production!


(JamesMillar) #5

I looked over the NethServer 6.7 rc1 ready for testing post and did not see a clear indication to upgrade from 6.6 > 6.7; just the availability of the 6.7 rc1 iso.


(Giacomo Sanchietti) #6

http://docs.nethserver.org/en/v6.7/release_notes.html#upgrading-from-6-6


(luisr) #7

I agree with you!!!


(Alessio Fattorini) #8

Do you agree with who and on what? :smile:


(luisr) #9

Sorry :blush:, I agree with @islipfd19: one may encounter issues because iptables is still running and does not use the same rules as shorewall.


(Alessio Fattorini) #10

As @giacomo said, please check such behaviour on 6.7 and verify that you cannot reproduce it.