[opensuse] Why doesn't this work?



asus:~ # crontab -e -u root

15 11 * * * /root/OFF.sh
11 22 * * * /root/ON.sh

:wq

asus:~ # cat OFF.sh
#!/bin/bash
iptables -I OUTPUT -s 0/0 -p tcp --dport 80 -j DROP

done manually
asus:~ # ./OFF.sh
asus:~ # iptables -L -n | less
...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELAT

done automatically by cron
/var/log/messages
asus:~ # tailf /var/log/messages
Nov 28 11:10:16 asus crontab[27601]: (root) REPLACE (root)
Nov 28 11:10:16 asus crontab[27601]: (root) END EDIT (root)
Nov 28 11:11:01 asus /usr/sbin/cron[10805]: (root) RELOAD (tabs/root)
Nov 28 11:15:01 asus /usr/sbin/cron[27624]: (root) CMD (/root/OFF.sh )

asus:~ # iptables -L -n | less
...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELAT


When I execute OFF.sh manually, IPTABLES turns off port 80 outbound as I
desire to prevent outbound access on the browser. The listing verifies
that the OUTPUT chain is updated and in fact the browser cannot access
anything. So far, so good.

At 11:15, the messages log shows that cron executed the OFF.sh shell as
the crontab entries for root commanded, but the iptables dump for the
OUTPUT section is unchanged and there is no interruption in outbound
access. Why would this not work from cron but work manually? BTW, it
makes no difference if the command is run from a script or directly from
the cron line after the time. It gets logged as if it is executing but
does not affect iptables, but the exact same command cut-and-pasted as a
command works as expected. What dumb thing am I overlooking? As a test, I
had it ECHO to a file in my user account and it did create the files, so
the root crontab file actually does something, it just doesn't affect
iptables.

Thanks in advance
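
Added example, not part of the original post: one thing to check for this symptom is whether `iptables` resolves under the PATH that cron hands to the job, and what the command writes to stderr when cron runs it. The sketch assumes cron's PATH is `/usr/bin:/bin` (confirm locally); `find_in_path`, `run_logged` and the log path in the last comment are hypothetical names.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original post).
# Assumption: cron starts jobs with PATH=/usr/bin:/bin; confirm for your cron.
CRON_PATH="/usr/bin:/bin"

# find_in_path NAME PATHLIST
# Print the first executable NAME found in the colon-separated PATHLIST.
# The body is a subshell, so the IFS change stays local; exit sets the status.
find_in_path() (
    name=$1
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            exit 0
        fi
    done
    exit 1
)

# run_logged LOGFILE CMD [ARGS...]
# Run CMD, appending the PATH in effect, its stdout/stderr and its exit
# status to LOGFILE, so a failure under cron leaves a trace on disk.
run_logged() (
    log=$1; shift
    rc=0
    printf '%s PATH=%s cmd=%s\n' "$(date '+%F %T')" "$PATH" "$*" >>"$log"
    "$@" >>"$log" 2>&1 || rc=$?
    printf 'exit=%s\n' "$rc" >>"$log"
    exit "$rc"
)

# Compare what the interactive shell and a cron-like PATH would resolve.
for p in "$PATH" "$CRON_PATH"; do
    if hit=$(find_in_path iptables "$p"); then
        echo "PATH=$p -> $hit"
    else
        echo "PATH=$p -> iptables not found (shell would exit 127)"
    fi
done

# In OFF.sh the rule could then be wrapped like this (log path hypothetical):
#   run_logged /root/OFF.log iptables -I OUTPUT -s 0/0 -p tcp --dport 80 -j DROP
```

If the binary resolves only under the interactive PATH, calling it by the full path that `find_in_path` printed, or setting `PATH=` at the top of the crontab, removes the difference between the manual and the cron run.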