[Spce-user] Starting firewall on boot

Daniel Grotti dgrotti at sipwise.com
Mon Aug 13 09:43:36 EDT 2018

yes, we are aware of this bug.
As a workaround, feel free to try the following:

1. Remove the rtpengine insert in the rules.v4.tt2
2. Add into /usr/share/netfilter-persistent/plugins.d/rtpengine, the 
following lines:

/sbin/iptables -N rtpengine && /sbin/iptables -I rtpengine 1 -p udp -j 
RTPENGINE --id 0 2>/dev/null && /sbin/iptables -I INPUT 1 -j rtpengine
/sbin/iptables -X rtpengine 2>/dev/null && echo "Kernel module for 
rtpengine not loaded: omitting rules"

This should be fix the issue after reboot as well as after a change in 
netfilter rule (and netfilter apply).

We will fix the issue properly in the next releases.

Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com

On 08/01/2018 12:17 AM, Steve Saner wrote:
> Are most people here turning on the firewall rules as provided by the 
> ngcp-config?
> If so, how are you getting those firewall rules to start on boot?
> It appears that things are set up to use the netfilter-persistent 
> package to load the firewall rules on boot and a file 
> /etc/iptables/rules.v4 is created by ngcpcfg for that purpose.
> For me, however, netfilter-persistent is failing to load the rules.
> The reason, I believe, is because the rules in rules.v4 include the 
> rtpengine stuff and the jump to the RTPENGINE chain. When the 
> netfilter-persistent service is started, however, the kernel support 
> for RTPENGINE is not yet running, and so the iptables-restore fails.
> It seems to me that the rules stored in rules.v4 should skip the rtp 
> engine stuff especially since those rules will be added automatically 
> when the ngcp-rtpengine-daemon service starts anyway.
> Am I missing something?
> Steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20180813/ffaafeea/attachment.html>

More information about the Spce-user mailing list