Hello,
It is impossible to add persistent rule comments to the firewall via Webmin 1.541 on my Ubuntu 10.04.
1 Using #-comments:
1.1 You can add/edit a rule and the comment is shown.
1.2 You can apply the rule.
1.3 You cannot revert the rule; the rule is being reverted, but the comment gets lost and is not displayed.
2 Using --comment-comments:
2.1 You can add/edit a rule and the comment is shown.
2.2 You cannot apply the rule: "Failed to apply configuration : iptables-restore: line 65 failed"
My iptables-version is 1.4.4.
When using # format comments, they will be lost if you revert as they aren't actually stored by the kernel.
Why revert your configuration though? This is very rarely needed ..
I am not sure which method is better:
Let Webmin edit the iptables directly or via a save-file?
Firstly, I am afraid to 'destroy' something when I edit the rules directly through Webmin.
Secondly, the "Activate on boot"-option is only available if Webmin edits the rules via a save-file.
These are my reasons for using the save-file-method and that's why I must apply & revert the rules.
What do you say? Shall I forget the comments for any reason? Or is there any way to get this working?
What I would recommend is using a save file, unless you have some other program that is also editing the live rules (unlikely).
When using a save file, you pretty much never need to click the "Revert" button, as this does the opposite of "Apply" - reverting will take the live rules and put them back into the save file. This should only be used if you have somehow messed up the saved rules, and want to re-generate them from the live rules.
Well...
Obviously, I misunderstood the meaning of the Revert-function. I considered this to be a load—edit—save-system (revert, edit, apply).
If you revert the live rules to the save-file, are they copied? So, do they remain active in the memory or is the memory empty after reverting?
If I understand you right, the memory will never be empty: reverting puts the rules into the save-file (however, they remain active in the system) and applying overwrites the live-rules by that one in the save-file. So applying is only needed when I manually messed up the live-rules somehow... Aha, okay!
Well, I *do* have other programs that interfere with the iptables, e. g. fail2ban or my own perl-scripts. In fact, it should *not* matter, if Webmin uses save-file or live-editing, should it? Both methods edit the rules live - the save-file-method additionally has the ability to re-activate the rules upon booting. But when an external command adds a rule, it should appear in Webmin too. Does it?
If yes, the current rule-set would be saved to file and loaded upon next boot (if the "Activate on boot"-option would work).
Wow, that's pretty much text. Hope, I don't confuse you. And by the way thank you for so much attention and support! I really enjoy submitting bugs and feature requests, now that I know you care about your customers!
:-)
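
An added illustration of the point made in the replies about `#` comments, not code from the thread or from Webmin: this script audits a save file and reports which rule comments exist only in the file (and so disappear when the file is regenerated from the live rules) and which are carried by the rule itself through the comment match. The sample save file is constructed, and the script assumes that a `#` line sits directly above the rule it describes.

```python
import shlex

# Constructed sample save file (not taken from the thread).
SAMPLE_SAVE_FILE = """\
# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Allow SSH from the office
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m comment --comment "public HTTPS" -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
"""


def audit_comments(save_text):
    """Return one (table, rule, file_only_comment, kernel_comment) tuple per rule."""
    results, table, pending = [], None, []
    for raw in save_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Assumption: '#' lines annotate the next rule line.
            pending.append(line.lstrip("#").strip())
        elif line.startswith("*"):
            table, pending = line[1:], []      # new table; drop the file header
        elif line.startswith("-A"):
            tokens = shlex.split(line)         # honours the quoted comment text
            kernel = None
            if "--comment" in tokens[:-1]:
                kernel = tokens[tokens.index("--comment") + 1]
            results.append((table, line, " ".join(pending) or None, kernel))
            pending = []
        else:
            pending = []                       # chain policy line or COMMIT
    return results


def lost_on_revert(save_text):
    """Rules whose only comment is a '#' line, which the kernel never stores."""
    return [r for r in audit_comments(save_text) if r[2] and not r[3]]


if __name__ == "__main__":
    for table, rule, file_comment, _ in lost_on_revert(SAMPLE_SAVE_FILE):
        print(f"[{table}] comment {file_comment!r} exists only in the file: {rule}")
```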