How to uncover what starts iptables?

Frantisek Hanzlik franta at hanzlici.cz
Tue Sep 11 08:31:07 UTC 2012


Zdenek Pytela wrote:
> Frantisek Hanzlik pise:
>> I have disabled (not masked) iptables.service on an F17 box.
>> But occasionally this service gets started. There isn't any
>> record of it in the system logs. Is there some (systemd-native)
>> way to detect who starts this service?
>> (Maybe via inotify tools I'm able to detect access to
>> "/etc/sysconfig/iptables", but this gives no information about
>> the accessing process.)
> Try if
> grep -r Requires=iptables.service /lib/systemd
> can be of any help to you.

In /lib/systemd/ and /etc/systemd/ no service requires iptables.
("grep -r 'iptables\.service' /lib/systemd/* /etc/systemd/*" returns
nothing.)

>> Second question about iptables: Is there any replacement for the
>> "service iptables panic" command from the old golden cheerful non-systemd days?
> Check /lib/systemd/system/iptables.service, you still may try
> /lib/systemd/system/iptables.service panic

Although "/lib/systemd/system/iptables.service" has mode 0755, I think
this is only a packager mistake - systemd units IMO surely aren't
executable scripts. But you perhaps meant the "/usr/libexec/iptables.init"
script (which seems identical to the original "/etc/rc.d/init.d/" one).
And yes, "/usr/libexec/iptables.init panic" works as before.
But everyone knows the pre-systemd location and usage; this new one nobody does :(


> You can also prepare two sets of iptables with the default be ACCEPT
> and then switch between them with a simple command with flushing/renaming/adding
> a chain.

Yes, it is a solution too; but I would like to know whether it was solved
in some way when this service was transferred to systemd.
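The grep suggested above only finds units that name iptables.service in a directive; it does not see the symlinks in `*.wants/` and `*.requires/` directories that also pull a unit in. Below is an added example (not from this thread or from Fedora) that checks both forms against a constructed unit tree; the `make_demo_tree` helper and its unit files are invented for the demonstration.

```shell
#!/bin/sh
# Added example: list units that pull in a given unit (reverse dependencies).
# Usage: find_reverse_deps UNIT DIR [DIR...]
find_reverse_deps() {
    unit=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # 1. pull-in directives inside unit files. After=/Before= are only
        #    ordering, not dependencies, so they are deliberately not matched.
        #    The "." in the unit name is left unescaped (harmless here).
        grep -rlE "^(Wants|Requires|Requisite|BindsTo)=.*$unit" "$dir" 2>/dev/null
        # 2. symlinks created by "systemctl enable" or by hand in
        #    <target>.wants/ and <target>.requires/ directories; grep -r
        #    does not follow these symlinks, so they must be found separately.
        find "$dir" -type l \( -path '*.wants/*' -o -path '*.requires/*' \) \
            -name "$unit" 2>/dev/null
    done | sort -u
}

# Constructed unit tree for the demonstration (hypothetical files, not a real
# system). Prints the directory it created.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/multi-user.target.wants"
    printf '[Unit]\nDescription=IPv4 firewall\n' > "$t/iptables.service"
    # enabled-style pull-in via symlink (what the plain grep misses)
    ln -s ../iptables.service "$t/multi-user.target.wants/iptables.service"
    # directive-style pull-in (what the plain grep finds)
    printf '[Unit]\nWants=iptables.service\n' > "$t/basic.target"
    # only ordering, must not be reported
    printf '[Unit]\nAfter=iptables.service\n' > "$t/sshd.service"
    printf '%s\n' "$t"
}

# On a real box, point it at the unit directories:
#   find_reverse_deps iptables.service /etc/systemd/system /lib/systemd/system
```

On newer systemd versions `systemctl list-dependencies --reverse iptables.service` answers the same question directly.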


