Control: severity -1 important
Control: tags -1 +stretch

On Friday, 30 October 2020 at 16:10:09 +0100, Ludwig Gramberg wrote:
> When lxc-net and netfilter/iptables-persistent are installed, the start-up
> script in lxc-net uses iptables commands while iptables-restore is used by
> netfilter-persistent.
> This is an unstable situation which sometimes causes iptables-restore to fail
> on COMMIT.
> Thus the iptables rules are not being loaded, leaving the server vulnerable.
>
> This should be solved within the service files of systemd. If
> netfilter-persistent.service only runs after lxc-net.service, the conflict
> should be avoided. At least it helped on my server.
Dear Ludwig,

Thanks for your bug report. The issue does not seem that easy to tackle. Indeed, if you start netfilter-persistent after lxc-net, you lose the lxc-net firewall configurations you've made, as netfilter-persistent overrides the rules set in place by lxc-net.

Apart from that, have you experienced this issue in the current stable release?

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
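A post-boot check for the two failure modes discussed in this thread (iptables-restore failing on COMMIT so nothing is loaded, or the persistent ruleset replacing the rules lxc-net installed), added here as an example; it is not part of the bug report or of either package. The three expected rules are assumptions standing in for whatever /etc/iptables/rules.v4 and lxc-net actually install on a given host, and the iptables-save samples are constructed.

```shell
#!/bin/sh
# Verify that both the persistent ruleset and lxc-net's rules are present in
# the live tables. In production use: live="$(iptables-save)" and then
# missing_rules "$live". Samples below are constructed for the example.

# Constructed iptables-save output when both services loaded their rules.
SAMPLE_OK='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed output after netfilter-persistent ran last and replaced
# the lxc-net rules with only the persistent ruleset.
SAMPLE_OVERRIDDEN='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# missing_rules RULESET: print every expected rule absent from RULESET
# (exact line match) and return 1 if any is missing, 0 otherwise.
# The expected rules are assumptions: two typical lxc-net rules for the
# lxcbr0 bridge and one rule standing in for /etc/iptables/rules.v4.
missing_rules() {
    ruleset="$1"
    missing=0
    for rule in \
        '-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE' \
        '-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    do
        # -- stops grep from reading the rule itself as options
        if ! printf '%s\n' "$ruleset" | grep -qxF -- "$rule"; then
            echo "missing: $rule"
            missing=1
        fi
    done
    return "$missing"
}

if missing_rules "$SAMPLE_OK"; then echo "sample ok: all rules loaded"; fi
missing_rules "$SAMPLE_OVERRIDDEN" || echo "sample overridden: lxc-net rules lost"
```

An empty ruleset (the COMMIT failure from the report) makes the function list all three rules, so one check covers both outcomes.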