[ksplash] [Bug 495978] New: KSplash hangs for 2 minutes after first login with iptables rules

Fri, 08 Nov 2024 09:01:45 -0800 

https://bugs.kde.org/show_bug.cgi?id=495978

            Bug ID: 495978
           Summary: KSplash hangs for 2 minutes after first login with
                    iptables rules
    Classification: Plasma
           Product: ksplash
           Version: 5.27.11
          Platform: Kubuntu
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: plasma-b...@kde.org
          Reporter: vcp85...@kisoq.com
  Target Milestone: ---

Created attachment 175654
  --> https://bugs.kde.org/attachment.cgi?id=175654&action=edit
journalctl with iptables on

Hello, after doing a fresh install of KUbuntu 24.04.1, I am experiencing an
issue after submitting my password on the login screen which might be connected
to SDDM or KSplash, I'm not sure.
After submitting my password, my screen becomes black and I can only move the
mouse cursor. I have to wait between 2 and 3 minutes until something times out,
and then the desktop shows up.

If I disable the iptables service, or enable it without the rules, everything
is working fine, my desktop shows up right after I submit my password. Hence, I
suspect that the issue is related to my iptables configuration but I cannot
find why.
In addition, I don't have the problem with Kubuntu 22.04 nor with Ubuntu 24.01
with Gnome.

This weird behavior appears after I run a script which add some iptables rules:

#!/bin/bash
echo "#!/bin/bash

iptables -F
iptables -P INPUT DROP

iptables -N LOG_DROP
iptables -A LOG_DROP -j LOG --log-prefix '[IPTABLES DROP] : '
iptables -A LOG_DROP -j DROP

iptables -N LOG_ACCEPT
iptables -A LOG_ACCEPT -j LOG --log-prefix '[IPTABLES ACCEPT] : '
iptables -A LOG_ACCEPT -j ACCEPT

ip6tables -N LOG_ACCEPT
ip6tables -A LOG_ACCEPT -j LOG --log-prefix '[IPTABLES ACCEPT] : '
ip6tables -A LOG_ACCEPT -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j LOG_ACCEPT

iptables -A INPUT -j LOG_DROP
iptables -A FORWARD -j LOG_DROP

ip6tables -F INPUT
ip6tables -F OUTPUT
ip6tables -F FORWARD
ip6tables -F

# Allow ICMP
#ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j LOG_ACCEPT
ip6tables -P INPUT DROP" > /etc/init.d/firewall

chmod +x /etc/init.d/firewall
#update-rc.d firewall defaults
#/etc/init.d/firewall

echo "[Unit]
Description=Packet Filtering Framework
DefaultDependencies=no
After=systemd-sysctl.service
Before=sysinit.target
[Service]
Type=oneshot
ExecStart=/etc/init.d/firewall
ExecReload=/etc/init.d/firewall
ExecStop=/etc/init.d/firewall
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/iptables.service

systemctl enable iptables
systemctl start iptables

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to