1

Topic: iptables fails to start

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version:  debian
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: 'systemctl status iptables.service' and 'journalctl -xn'
====

I found out that iptables wasn't starting on the system:

root@mail:~# systemctl start iptables                                                                                                                     
Job for iptables.service failed. See 'systemctl status iptables.service' and 'journalctl -xn' for details.
root@mail:~# systemctl status iptables.service                                                                                                            
● iptables.service - LSB: Control iptables firewall.
   Loaded: loaded (/etc/init.d/iptables)
   Active: failed (Result: exit-code) since Tue 2015-09-22 08:58:32 CEST; 3s ago
  Process: 17620 ExecStart=/etc/init.d/iptables start (code=exited, status=1/FAILURE)

Sep 22 08:58:32 mail systemd[1]: Starting LSB: Control iptables firewall....
Sep 22 08:58:32 mail iptables[17620]: Flushing firewall rules: iptables.
Sep 22 08:58:32 mail iptables[17620]: Setting chains to policy ACCEPT: security raw nat mangle filter failed!
Sep 22 08:58:32 mail iptables[17620]: Applying iptables firewall rules:.
Sep 22 08:58:32 mail systemd[1]: iptables.service: control process exited, code=exited status=1
Sep 22 08:58:32 mail systemd[1]: Failed to start LSB: Control iptables firewall..
Sep 22 08:58:32 mail systemd[1]: Unit iptables.service entered failed state.

I solved it like this:

root@mail:/etc/init.d# git diff
diff --git a/init.d/iptables b/init.d/iptables
index 586f92b..439fddc 100755
--- a/init.d/iptables
+++ b/init.d/iptables
@@ -150,6 +150,12 @@ set_policy() {
     for i in $tables; do
         echo -n " $i"
         case "$i" in
+            security)
+                $IPTABLES -t filter -P INPUT $policy \
+                && $IPTABLES -t filter -P OUTPUT $policy \
+                && $IPTABLES -t filter -P FORWARD $policy \
+                || let ret+=1
+            ;;
             raw)
                 $IPTABLES -t raw -P PREROUTING $policy \
                 && $IPTABLES -t raw -P OUTPUT $policy \
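
Review bot: the new `security)` branch runs all three policy commands against `-t filter`, not `-t security`, so the security table's own chains are never touched and the branch only repeats whatever the `filter` case already does. The security table has the built-in chains INPUT, OUTPUT and FORWARD, so the same three lines work with the table name changed, e.g. `$IPTABLES -t security -P INPUT $policy`. If the intent is only to stop the `*)` fallthrough from failing the start, a short comment in the branch saying so would keep a later reader from assuming the security table is being reset here.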

source: https://www.hostvirtual.com/kb/6383/IPt … AILED.html

Do you want me to share the patch on bitbucket?


2

Re: iptables fails to start

Thanks for the feedback, patch is now committed.

bserem wrote:

Do you want me to share the patch on bitbucket?

Not this time, I already patched it by following your instructions. Next time you find any bug, you can send me a pull request on BitBucket directly.

3

Re: iptables fails to start

Great, thanks :)