[wplug] redhat 9 firewall problem
Mike Griffin
mike at dmrnetworks.com
Mon Sep 29 14:31:33 EDT 2003
I agree that it sounds like cron is controlling this. They never
specified what they did before this happens. Maybe they restart/start a
certain service then the firewall rules change. If the box is just
sitting there routing packets without anything being touched and all of
a sudden things change, that's a different story and cron scripts
should be the first place to look.
I was pointing out that IF cron was controlling such a thing, I would
look for those commands within the cron scripts or the file itself
(iptables-restore would be pulling from a file) and go from there.
Mike
On Monday, September 29, 2003, at 02:14 PM, Vanco, Don wrote:
> Mike Griffin <mailto:mike at dmrnetworks.com> scribbled on Monday,
> September 29, 2003 1:32 PM:
>> I'm just guessing from documents read in the past:
>>
>> Try looking for a file named iptables-save or something similar.
>> Something like that could be checked for by a cron job or looked for
>> in an initial attempt by the init script. I'm pretty sure RH falls
>> under this default behavior.
>>
>> Might also want to check out the commands iptables-save and
>> iptables-restore to understand the behavior.
>
> I believe that under RH9 these are handled by modifiers to the
> "service" command. Looking at /etc/init.d/iptables or simply typing
> "service iptables" will yield the available options. Anything doing
> rules any other way is not "as delivered" in RH9 - IIRC there's nothing
> from RH that calls iptables-save or iptables-restore. Not sure what
> effect there might be on subsequent behavior if you started to use these
> "manually" - or if you started to mess with something like
> "gnome-lokkit" - I could see where mixing tools might decidedly lead to
> some confusion on the system.
> Cron certainly seems like a good place to look based on the apparent
> "periodic" changing of the rules....
>
> [root@vmora root]# service iptables
> Usage: /etc/init.d/iptables {start|stop|restart|condrestart|status|panic|save}
> ...on my Severn .94 system.
>
> Don
>
>
>> On Monday, September 29, 2003, at 12:17 PM, squeegy-wplug at squeegy.org
>> wrote:
>>
>>> I have a strange problem that maybe one of the RH gurus can help me
>>> with. I have a set of rules in /etc/sysconfig/iptables that if I
>>> start my firewall with they work fine, but on bootup and
>>> periodically the rules change and are more restrictive, breaking
>>> stuff. I have stopped iptables only to have the rules show up a
>>> short time later. I have looked in /etc/init.d and the only scripts
>>> making iptables calls are ntp and iptables. I have moved
>>> /etc/system/iptables to another name but seeing as it doesn't seem to
>>> use the file, the rules keep being reapplied. This was a new RedHat
>>> 9 install, not an upgrade. I am not
>>> doing anything in cron that I can tell. Anybody have any
>>> suggestions? Thanks.
>>>
>>> Jt Chiodi
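The cron check suggested in this thread, written out as an added example (it is not part of any message above). The function names are hypothetical, and the paths assume the usual cron locations on a Red Hat style system; run it as root so /var/spool/cron is readable.

```shell
#!/bin/sh
# Added example: find cron-controlled lines that can rewrite firewall rules,
# and the rule files that iptables-restore is told to load.

# Files and directories that cron/anacron read, relative to the root audited.
SCAN_PATHS="etc/crontab etc/anacrontab etc/cron.d etc/cron.hourly
etc/cron.daily etc/cron.weekly etc/cron.monthly var/spool/cron"

# Matches iptables, iptables-save, iptables-restore, "service iptables"
# and gnome-lokkit / lokkit: the tools named in the thread.
PATTERN='iptables|lokkit'

# Usage: find_iptables_callers [ROOT]
# ROOT defaults to / ; pass a mounted image or a test tree to audit offline.
# Prints file:line:text for every non-comment match.
find_iptables_callers() {
    root=${1:-/}
    for rel in $SCAN_PATHS; do
        target="${root%/}/$rel"
        [ -e "$target" ] || continue
        grep -rHnE "$PATTERN" "$target" 2>/dev/null
    done | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
}

# Usage: restore_sources [ROOT]
# Prints each file that a matching "iptables-restore < FILE" line reads from,
# so the rule set being re-applied can be compared with /etc/sysconfig/iptables.
restore_sources() {
    find_iptables_callers "$1" |
        sed -nE 's/.*iptables-restore[^<]*<[[:space:]]*([^[:space:];|&]+).*/\1/p' |
        sort -u
}
```

Each file printed by `restore_sources` can then be diffed against the output of `iptables-save` taken while the unwanted rules are active.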