Mailinglist Archive: opensuse-security (16 mails)

[opensuse-security] Custom iptables command doesn't work as expected
  • From: Hans-Peter Jansen <hpj@xxxxxxxxx>
  • Date: Wed, 14 Aug 2013 17:46:59 +0200
  • Message-id: <1603384.kSh6NzMCBe@xrated>

I am trying to use an iptables command in conjunction with SuSEfirewall2
(version 3.6.295 on openSUSE 12.2, kernel-desktop-3.4.47-2.38.1.x86_64).

Using it standalone, it works as expected:

SuSEfirewall2 stop
iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner root -j

Running rtmpsuck (2.3) behaves as expected (mostly): it catches flv streams
that you display with your browser and stores them. (If not, try to
restart rtmpsuck.)

If this iptables command is integrated in


it doesn't work anymore: rtmpsuck doesn't detect any streams.

SuSEfirewall2 non-default settings (LAN-client):
FW_DEV_INT="eth0 eth1"

The yes and no settings are an attempt to fix the issue in question.

I would think it doesn't matter from which custom callback this command
is executed, but I have already tried all of them without luck. What's really
strange is that SuSEfirewall2 status shows the relevant entry correctly:

### iptables nat ###
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

0 0 REDIRECT tcp -- * *
tcp dpt:1935 ! owner UID match 0

and yes, I call rtmpsuck as root (for testing purposes).

BTW, I got the best results with rtmpsuck version 2.3. Neither Packman's git
version nor a self-baked one based on current git "behaved" well.
Since version 2.3 isn't easily available for openSUSE, you can fetch it

Does somebody in the audience have an idea why this doesn't work together
with SuSEfirewall2?

Thanks in advance,