[Spce-user] Starting firewall on boot

Daniel Grotti dgrotti at sipwise.com
Mon Aug 13 09:43:36 EDT 2018


Hi,
yes, we are aware of this bug.
As a workaround, feel free to try the following:


1. Remove the rtpengine insert in the rules.v4.tt2
2. Add into /usr/share/netfilter-persistent/plugins.d/rtpengine, the 
following lines:
----
#!/bin/bash

/sbin/iptables -N rtpengine && /sbin/iptables -I rtpengine 1 -p udp -j 
RTPENGINE --id 0 2>/dev/null && /sbin/iptables -I INPUT 1 -j rtpengine
/sbin/iptables -X rtpengine 2>/dev/null && echo "Kernel module for 
rtpengine not loaded: omitting rules"
----------


This should be fix the issue after reboot as well as after a change in 
netfilter rule (and netfilter apply).

We will fix the issue properly in the next releases.


-- 
Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com

On 08/01/2018 12:17 AM, Steve Saner wrote:
> Are most people here turning on the firewall rules as provided by the 
> ngcp-config?
>
> If so, how are you getting those firewall rules to start on boot?
>
> It appears that things are set up to use the netfilter-persistent 
> package to load the firewall rules on boot and a file 
> /etc/iptables/rules.v4 is created by ngcpcfg for that purpose.
>
> For me, however, netfilter-persistent is failing to load the rules.
>
> The reason, I believe, is because the rules in rules.v4 include the 
> rtpengine stuff and the jump to the RTPENGINE chain. When the 
> netfilter-persistent service is started, however, the kernel support 
> for RTPENGINE is not yet running, and so the iptables-restore fails.
>
> It seems to me that the rules stored in rules.v4 should skip the rtp 
> engine stuff especially since those rules will be added automatically 
> when the ngcp-rtpengine-daemon service starts anyway.
>
>
> Am I missing something?
>
> Steve
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20180813/ffaafeea/attachment.html>


More information about the Spce-user mailing list