BUG IPtables issue with IncrediblePI

jeremy.wall

New Member
Joined
Jan 18, 2016
Messages
1
Reaction score
0
Hi all
Hoping to get some help with an issue
Installed Incredible PBX with Raspbian 8 Jessie on Raspberry Pi 2
When I run /root/add-ip,
The following whitelisted services were requested for IP:

SIP (UDP)

Failed to restart iptables-persistent.service: Unit iptables-persistent.service failed to load: No such file or directory.

IP address successfully added to WhiteList.
To display current iptables rules in effect for this IP address, press Enter.
The following iptables rules now are in effect for IP:

However If i run iptables-restart afterwards,
[....] Restarting netfilter-persistent (via systemctl): netfilter-persistent.ser[ ok.
No IPtables problems found.
IPtables now running.

Works fine. Can anyone help me with stopping this error?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Hi all
Hoping to get some help with an issue
Installed Incredible PBX with Raspbian 8 Jessie on Raspberry Pi 2
When I run /root/add-ip,
The following whitelisted services were requested for IP:

SIP (UDP)

Failed to restart iptables-persistent.service: Unit iptables-persistent.service failed to load: No such file or directory.

IP address successfully added to WhiteList.
To display current iptables rules in effect for this IP address, press Enter.
The following iptables rules now are in effect for IP:

However If i run iptables-restart afterwards,
[....] Restarting netfilter-persistent (via systemctl): netfilter-persistent.ser[ ok.
No IPtables problems found.
IPtables now running.

Works fine. Can anyone help me with stopping this error?

Here's the fix:
Code:
sed -i 's|service iptables-persistent|/etc/init.d/netfilter-persistent|' /root/add-ip

Thanks. We'll push it out to everybody.
 

ostridge

Guru
Joined
Jan 22, 2015
Messages
1,618
Reaction score
517
I just got
Code:
Failed to restart iptables-persistent.service: Unit iptables-persistent.service failed to load: No such file or directory.

pbxstatus
IPtables DN

Did this-
Code:
sed -i 's|service iptables-persistent|/etc/init.d/netfilter-persistent|' /root/add-ip
but
pbxstatus
IPtables DN still down

Should iptables-restart be changed as well with /etc/init.d/netfilter-persistent
Code:
root@raspberrypi3:~ $ cat ./iptables-restart
#!/bin/bash
service netfilter.persistent restart
TEST=`systemctl status netfilter-persistent.service | tail -1 | grep "failed"`
if [[ -z "$TEST" ]]; then
 echo "No IPtables problems found."
 echo "IPtables now running."
else
 echo "Failed"
 iptables-restore /etc/iptables/rules.v4 2>/tmp/errorfile
 TEST=`cat /tmp/errorfile`
while [[ "$TEST" == *Error* ]]; do
 LINENUM=`cat /tmp/errorfile | cut -f 2 -d ":" | tail -2 | head -n 1 | tr -d ' '`
 FQDN=`cat /tmp/errorfile | cut -f 1 -d "'" | head -n 1 | cut -f 4 -d " "`
 echo " "
 echo "******** 10-SECOND WARNING ALERT ***********"
 echo "IPtables FQDN problem on line: $LINENUM"
 echo "The unresolvable FQDN is $FQDN."
 echo "This rule will be temporarily disabled to allow IPtables to start."
 echo "Check and correct line $LINENUM in /etc/iptables/rules.v4."
 echo "******** 10-SECOND WARNING ALERT ***********"
 echo " "
 sed -i "$LINENUM s:^:#***:" /etc/iptables/rules.v4
 sleep 10
 service netfilter.persistent restart
 TEST=`systemctl status netfilter-persistent.service | tail -1 | grep "failed"`
 iptables-restore /etc/iptables/rules.v4 2>/tmp/errorfile
 TEST=`cat /tmp/errorfile`
done
service netfilter-persistent restart
#sed -i 's|#\*\*\*||' /etc/iptables/rules.v4
echo "IPtables problems noted above were commented out."
echo "Fix the problems identified in /etc/iptables/rules.v4"
echo "IPtables now running without the offending rules(s)."
fi
service fail2ban restart

root@raspberrypi3:~ $
root@raspberrypi3:~ $ ./iptables-restart
Failed to restart netfilter.persistent.service: Unit netfilter.persistent.service failed to load: No such file or director y.
No IPtables problems found.
IPtables now running.
[/code]
Code:
pbxstatus
  IPtables: DN

Code:
root@raspberrypi3:~ $ service netfilter-persistent status
● netfilter-persistent.service - netfilter persistent configuration
   Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled)
   Active: active (exited) since Sun 2016-12-11 01:51:27 GMT; 1 day 22h ago
 Main PID: 792 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/netfilter-persistent.service

Dec 11 01:51:27 raspberrypi3 netfilter-persistent[783]: Automatic flush disabled; use '/usr/sbin/netfilter-persistent flush'
Dec 11 01:51:27 raspberrypi3 netfilter-persistent[792]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Dec 11 01:51:27 raspberrypi3 netfilter-persistent[792]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Dec 11 01:51:27 raspberrypi3 systemd[1]: Started netfilter persistent configuration.
Dec 11 02:11:44 raspberrypi3 systemd[1]: Started netfilter persistent configuration.

Code:
root@raspberrypi3:~ $ service netfilter-persistent --status
Usage: /etc/init.d/netfilter-persistent {start|restart|reload|force-reload|save|flush}


Got my /etciptables/rules.v4 running again after all lines had been disabled by the software prefixing #*** to every line. I downloaded the rules.v4 to win7 then using npp I did a Replace of the "#***" to substitute "" Replace All; saved the file and uploaded it to the server using Webmin Upload and download/upload to /etc/iptables with the chown setting to root:root

Then a
Code:
reboot
and followed through with some double checking of the added stuff with /root/del-acct ; /root/add-fqdn ; and /root/add-ip .

Anyways iptables is now UP so for me that is now SOLVED.
 
Last edited:

ostridge

Guru
Joined
Jan 22, 2015
Messages
1,618
Reaction score
517
@wardmundy I still have 2 versions of iptables-restart on my pi3
Code:
root@raspberrypi:~# which iptables-restart
/usr/local/sbin/iptables-restart

If not mistaken - I think that the old version is still at /root/iptables-restart (with at line2 service netfilter.persistent restart )

Code:
chmod -x /root/iptables-restart
mv /root/iptables-restart /root/iptables-restart.old
#or add symlink to /usr/local/sbin/iptables-restart
ln -s /usr/local/sbin/iptables-restart /root/iptables-restart

pbxstatus:
Incredible PBX 13-12.17 for Raspberry Pi 3B
Asterisk: UP Apache: UP MySQL: UP
SendMail: UP IPtables: UP SSH: UP
LAN port: UP Fail2Ban: UP Webmin: UP
GV OAUTH: UP Chan-SCCP: UP NR VPN: UP
FaxGetty: DN IAX Modem: DN HylaFax: DN

RAM:58532 Raspbian (Jessie) Disk:51G
Asterisk 13.12.2 + Incredible GUI 12.0.39
 

Members online

No members online now.

Forum statistics

Threads
25,782
Messages
167,509
Members
19,202
Latest member
pbxnewguy
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top