Per Jessen wrote:
Per Jessen wrote:
Well, I have no explanation, but it certainly looks very different on Leap, with sfw2 installed (vanilla config, but not enabled or running).
On my first attempt, no issues with _rpc_ or h323whatever and I'm seeing your boatload of rich rules being added too. Runtime 14minutes.
Total runtime with '-c' was 24 minutes. I removed the ipv6 bits and the port-ranges (30000-something). Looking at the iptables setup created/committed, it doesn't seem to be complete. I look for e.g. your rules concerning ports 514 or 5060, and I don't find any. None of all the rich rules with specific hosts. Operator error I expect.
I cleared out whatever was created and I'm now running the script again, with '-c'. I'll check back in 25min.
"cleared out" -> I rebooted. This time it worked, I have a comprehensive set of iptables rule, I can't really think of a reason why it didn't work on the first go. However, "--runtime-to-permanent" failed. Hehe, because of the comment I added a few minutes ago. Comment removed - still fails, "zone conflict: eth1". -- Per Jessen, Zürich (16.2°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes