Opened 6 years ago

Last modified 6 years ago

#11854 new defect

'/etc/init.d/firewall stop' does not flush mangle table

Reported by: Damian Kaczkowski <damian.kaczkowski@…> Owned by: developers
Priority: low Milestone: Bugs Paradise
Component: packages Version: Trunk
Keywords: Cc:

Description

Just as the subject says:

/etc/init.d/firewall stop

does not fully flush the mangle table. It leaves some rules which were added, for example, by hand, firewall.user, custom scripts, etc.

root@OpenWrt:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

iptables -t mangle -I POSTROUTING -p icmp -j LOG --log-prefix "TEST"
root@OpenWrt:~# /etc/init.d/firewall restart
root@OpenWrt:~# /etc/init.d/firewall restart
root@OpenWrt:~# /etc/init.d/firewall restart
root@OpenWrt:~# /etc/init.d/firewall restart
root@OpenWrt:~# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
zone_wan_MSSFIX  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'

Chain zone_wan_MSSFIX (1 references)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
root@OpenWrt:~# /etc/init.d/firewall stop
root@OpenWrt:~# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'

Change History (1)

comment:1 Changed 6 years ago by jow

  • Milestone changed from Attitude Adjustment (trunk) to Bugs Paradise
  • Priority changed from normal to low
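
An added example, not part of the ticket or of OpenWrt's firewall scripts: a shell helper that reads `iptables -L -t mangle` output and reports every rule still present after `/etc/init.d/firewall stop`, with a count per distinct rule so repeated inserts from firewall.user stand out. The function names are hypothetical and the sample listing is constructed from the output in the description.

```shell
#!/bin/sh
# Constructed sample: two chains taken from the post-stop listing in the ticket.
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
LOG        icmp --  anywhere             anywhere            LOG level warning prefix `TEST'
EOF
}

# leftover_rules (hypothetical name): read `iptables -L -t <table>` output on
# stdin and print one line per distinct remaining rule:
#   <chain> <count> <rule text>
leftover_rules() {
    awk '
        /^Chain /  { chain = $2; next }   # start of a chain section
        /^target / { next }               # column header line
        NF == 0    { next }               # blank separator line
        {
            gsub(/[ \t]+/, " ")           # collapse column padding
            key = chain SUBSEP $0
            if (!(key in seen)) { order[++n] = key; seen[key] = 0 }
            seen[key]++
        }
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], part, SUBSEP)
                printf "%s %d %s\n", part[1], seen[order[i]], part[2]
            }
        }'
}

# table_is_clean (hypothetical name): succeed only if no rule is left.
table_is_clean() {
    [ -z "$(leftover_rules)" ]
}

# Offline demonstration on the constructed sample; on a router the input
# would be: iptables -L -t mangle | leftover_rules
sample_listing | leftover_rules
```

A count above 1 for the same rule shows that it was inserted again on each restart without the earlier copies being removed.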
