Mailinglist Archive: opensuse-security (16 mails)

Re: [opensuse-security] Custom iptables command doesn't work as expected
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Mon, 19 Aug 2013 14:59:15 +0200
  • Message-id: <>
Hans-Peter Jansen wrote:
> I try to use an iptables command in conjunction with SuSEfirewall2
> (version 3.6.295 on openSUSE 12.2, kernel-desktop-3.4.47-2.38.1.x86_64).
>
> Using it standalone, it works as expected:
>
> SuSEfirewall2 stop
> iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner root -j
> If this iptables command is integrated in
>
>
> it doesn't work anymore: rtmpsuck doesn't detect any streams.

Your problem is probably not related to OUTPUT but to INPUT. Check
"SuSEfirewall2 status" before and after running your program. Compare the
packet counters. The packets in question might have been dropped so
some drop rule should have increased its counter.

> SuSEfirewall2 non-default settings (LAN-client):
> FW_DEV_INT="eth0 eth1"
>
> The yes and no settings are an attempt to fix the issue in question.

If eth0 and eth1 are your only interfaces a firewall config like the
above one doesn't make much sense really. Just switch it off to avoid
all the problems.


(o_ Ludwig Nussel
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
16746 (AG Nürnberg)
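
Added example (not part of the original mail, and not SuSEfirewall2 code): the before/after packet-counter comparison suggested above, done by script. It assumes each snapshot is an `iptables -L -n -v` style listing (add `-x` for exact counts); the function names and both sample listings are constructed for illustration.

```python
import re

SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}  # iptables abbreviates without -x
COUNT = re.compile(r"\d+[KMG]?")
POLICY = re.compile(r"Chain (\S+) \(policy (\S+) (\d+[KMG]?) packets")

def to_int(text):
    """Convert an iptables counter such as '12' or '3K' to an integer."""
    return int(text[:-1]) * SUFFIX[text[-1]] if text[-1] in SUFFIX else int(text)

def parse(listing):
    """Map (chain, position, rule text) -> packet count for one listing."""
    counters, chain, pos = {}, None, 0
    for line in listing.splitlines():
        fields = line.split()
        if fields[:1] == ["Chain"]:
            chain, pos = fields[1], 0
            m = POLICY.match(line)
            if m:  # built-in chains count packets that fell through to the policy
                counters[(chain, 0, "policy " + m.group(2))] = to_int(m.group(3))
            continue
        if len(fields) < 3 or not COUNT.fullmatch(fields[0]):
            continue  # blank line, column header, or unrelated status text
        pos += 1
        counters[(chain, pos, " ".join(fields[2:]))] = to_int(fields[0])
    return counters

def increased(before, after, targets=("DROP", "REJECT")):
    """Return [(delta, chain, rule)] for drop/reject counters that grew, largest first."""
    old, new = parse(before), parse(after)
    grown = [(n - old.get(k, 0), k[0], k[2]) for k, n in new.items()
             if n > old.get(k, 0) and k[2].replace("policy ", "").split()[0] in targets]
    return sorted(grown, reverse=True)

# Constructed sample listings (not taken from the thread).
BEFORE = """Chain INPUT (policy DROP 3 packets, 180 bytes)
 pkts bytes target prot opt in out source destination
 40 2400 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 310 52100 input_int all -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain input_int (1 references)
 pkts bytes target prot opt in out source destination
 305 51800 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
 5 300 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""
AFTER = (BEFORE.replace(" 5 300 DROP", " 17 1020 DROP")
               .replace("policy DROP 3 packets, 180", "policy DROP 4 packets, 240"))

if __name__ == "__main__":
    for delta, chain, rule in increased(BEFORE, AFTER):
        print(f"+{delta:>6}  {chain:<12} {rule}")
```

Chain policy counters are included because packets that match no rule in a built-in chain are counted there rather than on any rule line.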