On Wed, 14 Mar 2018 12:39:38 -0700 "g.smyli" <g.sm...@nym.hush.com> wrote:
> Package: iptables
> Version: 1.6.0+snapshot20161117-6
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> * What led up to the situation?
> I believe the problem existed after fresh netinstall of Debian Stretch with
> xfce desktop but I am not sure exactly when I began to notice iptables
> problem. I added skolelinux desktop which took over boot but is still xfce so
> I didn't mind. Being rather security conscious I'm sure I would set up
> iptables with rules right away.
>
> * What exactly did you do (or not do) that was effective (or ineffective)?
> I made rules for iptables. I noticed I had problems loading the rules up at
> boot. Tried netfilter-persistent, tried a script in rc.local maybe a couple
> of other efforts (installed apf, uninstalled apf netfilter-persistent,
> reinstall iptables and netfilter-persistent...) most things I tried usually
> worked for a few boots but would then randomly fail. The most dependable
> thing I have found is to be disconnected from the network by default and
> place a preprocessing iptables startup script in wicd which loads the rules
> before network is brought up. Eventually I discovered the loaded rules would
> disappear after a few minutes. This happens whether I am browsing the
> internet or not or in fact not doing anything.
> I just tried to gdebi the latest package iptables_1.6.1-2~bpo9+1_amd64.deb
> but that was uninstallable due to an incompatible library.
>
> Required outcome is of course to load the rules and depend on them to be
> stable.

mmm iptables can't automatically delete rules. There should be something else deleting the rules or messing with the firewall (your own rc.local script, or netfilter-persistent, perhaps?). Anyway, that's not a bug in iptables itself. Thanks for reporting the issue though!
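
One way to find out when the rules vanish, so the moment can be matched against system logs and the other firewall tools named in the report: this is an added example, not part of the original thread or of the iptables package. The function names, the script name and the baseline path are hypothetical; the baseline is a plain `iptables-save` dump taken right after the rules are loaded.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Input is plain
# `iptables-save` output (no -c), so rule lines start with "-A".

# Drop timestamp comment lines and zero the chain counters, so only real
# rule or policy changes affect the comparison.
normalize_rules() {
    grep -v '^#' "$1" | sed 's/\[[0-9]*:[0-9]*\]/[0:0]/'
}

# Print the number of rule ("-A ...") lines in a dump.
count_rules() {
    grep -c '^-A ' "$1" || true
}

# compare_rules BASELINE CURRENT: prints unchanged, flushed or modified.
compare_rules() {
    if [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ]; then
        echo unchanged
    elif [ "$(count_rules "$1")" -gt 0 ] && [ "$(count_rules "$2")" -eq 0 ]; then
        echo flushed
    else
        echo modified
    fi
}

# watch_rules BASELINE [SECONDS]: poll the live ruleset (needs root) and
# stop at the first change, printing a timestamp to match against logs.
watch_rules() {
    cur=$(mktemp)
    while sleep "${2:-10}"; do
        iptables-save > "$cur"
        state=$(compare_rules "$1" "$cur")
        if [ "$state" != unchanged ]; then
            echo "$(date '+%F %T') ruleset $state; dump kept in $1.changed"
            cp "$cur" "$1.changed"
            break
        fi
    done
    rm -f "$cur"
}

# Usage (constructed path): sh rulewatch.sh watch /root/rules.baseline 10
if [ "${1:-}" = watch ]; then
    watch_rules "$2" "${3:-10}"
fi
```

A "flushed" result means every rule is gone at once, while "modified" means another tool rewrote part of the ruleset.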