Re: iptables has amnesia :-)



On Tue, 2007-08-21 at 06:56 -0700, Don Russell wrote:
Don Russell wrote:
Mikkel L. Ellertson wrote:
Don Russell wrote:

Mikkel L. Ellertson wrote:

If you are talking about the rules not surviving a reboot, try
running "service iptables save" and/or "service ip6tables save". If
you want the changes saved automatically, edit
/etc/sysconfig/iptables.conf and change
IPTABLES_SAVE_ON_RESTART="no" to IPTABLES_SAVE_ON_STOP="yes". Do
the same for /etc/sysconfig/ip6tables.conf.

Mikkel

I must have deleted a section of my message somehow before I sent it
- there should be advice about changing 2 variables, but there is
the default state of one, and the needed state of the other...

ah... that's good to know... BUT.... in neither case have I restarted
the system....

I'll have a look at that config file though and see if there are any
clues. :-)

Maybe what I need to do (as you suggest) is "service iptables save"
after adding the rules and verifying they work correctly.

(I looked at the webmin method specifically for some form of "save
these rules", but there is only "apply these rules", which I did need to do)


Please post back what you find, as this seems to be a strange one -
the rules should not vanish on a normally running system. Are you
logging out and logging back in at the console, or bringing down an
interface, and bringing it back up between setting the rules, and
them vanishing?

Mikkel


IPTABLES_SAVE_ON_RESTART and IPTABLES_SAVE_ON_STOP are both set to the
default value of "no".

So, I guess my question becomes, when does the firewall stop or restart?

I log on to a non-root user via ssh, then "su -"/"exit" to make the
iptables changes.... I have not restarted the whole machine, nor have
I restarted the iptables service.... does it restart periodically for
some reason? I haven't added anything to cron etc to make that happen...

I'm not restarting the interface....

I don't see what I could have done that caused the firewall to
stop/restart....

To quote Alice.... "Curiouser and curiouser..."

This morning I can't connect to webmin again.... when I connect to my
FC7 box via ssh and use iptables -L... sure enough, the two rules are
gone again.... and this is AFTER I did a "service iptables save", when
I added the two rules yesterday.

#iptables -I INBOUND 13 -p tcp --dport 10000 -j ACCEPT
#iptables -I INBOUND 14 -p tcp --dport 20000 -j ACCEPT
#service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

The good news is... when I can't connect to webmin, I know what to look
for right away and it's solved (temporarily) in a minute....

Are you sure you don't have a rootkit on there? I don't know of a
way for the iptables to get changed except by a command being run.
If you're not doing it, it's either a cron job somewhere or a lurking
hacker. You might want to try doing an nmap scan against the machine
and see which ports are open to see if there's a back door that
someone's using.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxx -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- Programmers often confuse Halloween and Christmas. -
- After all, 31 Oct is the same as 25 Dec! -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
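The bookkeeping behind the advice in this thread, as an added example that is not code from any of the posters: a few POSIX sh functions that tell you whether a set of expected rules is in the live kernel ruleset, in the file that "service iptables save" writes, or in neither, plus the cron sweep Rick suggests. Assumptions: the chain name INBOUND and the ports 10000 and 20000 are taken from the thread; the two sample rulesets are constructed, not captured from the poster's box; iptables-save prints a rule entered as "-p tcp --dport N" back as "-p tcp -m tcp --dport N", so the expected rules are written in that form; the cron locations in the comment are the usual ones, not something the thread names.

```shell
#!/bin/sh
# Added example, not code from the thread. Answers the question the thread
# circles around: are the two webmin rules in the live ruleset, in the saved
# file, or in neither, and is anything scheduled that could restart the
# firewall behind the admin's back?
#
# Assumed: chain INBOUND and ports 10000/20000 come from the thread; both
# sample rulesets below are constructed; iptables-save renders
# "-p tcp --dport N" as "-p tcp -m tcp --dport N".

# Rules we expect to survive, in iptables-save syntax, one per line.
EXPECTED='-A INBOUND -p tcp -m tcp --dport 10000 -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 20000 -j ACCEPT'

# Constructed: what iptables-save shows right after the two rules were added.
SAMPLE_LIVE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:INBOUND - [0:0]
-A INPUT -j INBOUND
-A INBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 22 -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 10000 -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 20000 -j ACCEPT
COMMIT'

# Constructed: a saved file in which only the first of the two rules survived.
SAMPLE_SAVED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:INBOUND - [0:0]
-A INPUT -j INBOUND
-A INBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 22 -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 10000 -j ACCEPT
COMMIT'

# check_rules FILE: print each EXPECTED rule that FILE lacks. Returns 0 when
# all are present, 1 otherwise. Real use:
#   iptables-save > /tmp/live && check_rules /tmp/live   # the kernel, right now
#   check_rules /etc/sysconfig/iptables                  # what a restart loads
check_rules() {
    missing=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # -F literal, -x whole line: "--dport 1000" must not match "--dport 10000"
        if ! grep -Fxq -e "$rule" "$1"; then
            printf 'missing: %s\n' "$rule"
            missing=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $missing
}

# rules_only_in A B: "-A" rules present in ruleset A but absent from B.
# A=live, B=saved lists what "service iptables save" did not persist;
# A=saved, B=live lists what the next stop/restart would put back.
rules_only_in() {
    pat=$(mktemp) || return 2
    grep '^-A ' "$2" > "$pat" || :          # B may contain no rules at all
    rc=0
    grep '^-A ' "$1" | grep -Fxv -f "$pat" || rc=$?
    rm -f "$pat"
    return $rc
}

# find_rule_touching_jobs DIR...: files under the given locations that mention
# iptables, i.e. the "cron job somewhere" candidates. Typical call (assumed paths):
#   find_rule_touching_jobs /etc/crontab /etc/cron.d /etc/cron.daily /var/spool/cron
find_rule_touching_jobs() {
    grep -rl 'iptables' "$@" 2>/dev/null || :
}

# Demo on the constructed samples.
demo() {
    live=$(mktemp) && saved=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_LIVE" > "$live"
    printf '%s\n' "$SAMPLE_SAVED" > "$saved"
    echo "== expected rules vs saved file"
    check_rules "$saved" || echo "-> a restart would load a ruleset without the rule(s) above"
    echo "== live rules not in the saved file"
    rules_only_in "$live" "$saved" || :
    rm -f "$live" "$saved"
}
demo
```

Note that "iptables -L", which the poster used to look for the rules, prints a different format; dump the live ruleset with iptables-save so it compares line for line with /etc/sysconfig/iptables. If check_rules passes on the saved file but fails on the live dump a day later, the rules are being flushed or the firewall restarted on a running system, which is exactly when looking for a scheduled job or an uninvited process (and running the nmap scan Rick suggests) is warranted.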
