[wplug] redhat 9 firewall problem

Vanco, Don don.vanco at agilysys.com
Mon Sep 29 14:14:45 EDT 2003 

Mike Griffin <mailto:mike at dmrnetworks.com> scribbled on Monday, September
29, 2003 1:32 PM:
> I'm just guessing from documents read in the past:
> 
> Try looking for a file named iptables-save or something similiar.
> Something like that could be checked for by a cron job or looked for
> in an initial attempt by the init script. I'm pretty sure RH falls
> under this default behavior. 
> 
> Might also want to check out the commands  iptables-save and
> iptables-restore to understand the behavior.

	I believe that under RH9 these are handled by modifiers to the
"service" command.  Looking at /etc/initd.d/iptables or simply typing
"service iptables" will yield the available options.  Anything doing rules
any other way is not "as delivered" in RH9 - IIRC there's nothing from RH
that calls iptables-save or iptables-restore.  Not sure what effect there
might be on subsequent behavior if you started to use these "manually" - or
if you started to mess with something like "gnome-lokkit" - I could see
where mixing tools might decidedly lead to some confusion on the system.
	Cron certainly seems like a good place to look based on the apparent
"periodic" changing of the rules....

[root at vmora root]# service iptables
Usage: /etc/init.d/iptables
{start|stop|restart|condrestart|status|panic|save}
	...on my Severn .94 system.

Don


> On Monday, September 29, 2003, at 12:17  PM,
> squeegy-wplug at squeegy.org
> wrote:
> 
>> I have a strange problem that maybe one of the RH gurus can help me
>> with. I have a set of rules in /etc/sysconfig/iptables that is I
>> start my firewall with they work fine, but on bootup and
>> periodically the rules change and are more restrictive, breaking
>> stuff.  I have stopped iptables only to have the rules to show up a
>> short time later.  I have looked in /etc/init.d and the only scripts
>> making iptables calls are ntp and iptables.  I have moved
>> /etc/system/iptables to another name but seeings it doesn't seem to
>> use the file, the rules keep being reapplied.  this was a new RedHat
>> 9 install not an upgrade. 
>  I am not
>> doing anything in cron that I can tell.  Anybody have any
>> suggestions?  Thanks. 
>> 
>> Jt Chiodi

More information about the wplug mailing list