[wplug] redhat 9 firewall problem

Mike Griffin mike at dmrnetworks.com
Mon Sep 29 14:31:33 EDT 2003


I agree that it sounds like cron is controlling this. They never 
specified what they did before this happens. Maybe they restart a 
certain service and then the firewall rules change. If the box is just 
sitting there routing packets without anything being touched and all of 
a sudden things change, that's a different story and cron scripts 
should be the first place to look.

I was pointing out that IF cron was controlling such a thing, I would 
look for those commands within the cron scripts or the file itself ( 
iptables-restore would be pulling from a file) and go from there.


Mike


On Monday, September 29, 2003, at 02:14  PM, Vanco, Don wrote:

> Mike Griffin <mailto:mike at dmrnetworks.com> scribbled on Monday, September 29, 2003 1:32 PM:
>> I'm just guessing from documents read in the past:
>>
>> Try looking for a file named iptables-save or something similar.
>> Something like that could be checked for by a cron job or looked for
>> in an initial attempt by the init script. I'm pretty sure RH falls
>> under this default behavior.
>>
>> Might also want to check out the commands  iptables-save and
>> iptables-restore to understand the behavior.
>
> 	I believe that under RH9 these are handled by modifiers to the
> "service" command.  Looking at /etc/initd.d/iptables or simply typing
> "service iptables" will yield the available options.  Anything doing rules
> any other way is not "as delivered" in RH9 - IIRC there's nothing from RH
> that calls iptables-save or iptables-restore.  Not sure what effect there
> might be on subsequent behavior if you started to use these "manually" - or
> if you started to mess with something like "gnome-lokkit" - I could see
> where mixing tools might decidedly lead to some confusion on the system.
> 	Cron certainly seems like a good place to look based on the apparent
> "periodic" changing of the rules....
>
> [root at vmora root]# service iptables
> Usage: /etc/init.d/iptables
> {start|stop|restart|condrestart|status|panic|save}
> 	...on my Severn .94 system.
>
> Don
>
>
>> On Monday, September 29, 2003, at 12:17  PM, squeegy-wplug at squeegy.org wrote:
>>
>>> I have a strange problem that maybe one of the RH gurus can help me
>>> with. I have a set of rules in /etc/sysconfig/iptables that work fine
>>> if I start my firewall with them, but on bootup and
>>> periodically the rules change and are more restrictive, breaking
>>> stuff.  I have stopped iptables only to have the rules show up a
>>> short time later.  I have looked in /etc/init.d and the only scripts
>>> making iptables calls are ntp and iptables.  I have moved
>>> /etc/system/iptables to another name but seeing as it doesn't seem to
>>> use the file, the rules keep being reapplied.  This was a new RedHat
>>> 9 install, not an upgrade.  I am not
>>> doing anything in cron that I can tell.  Anybody have any
>>> suggestions?  Thanks.
>>>
>>> Jt Chiodi
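The two checks Mike and Don suggest, as an added example that is not part of the thread: compare what `iptables-save` reports against the ruleset kept in /etc/sysconfig/iptables (what `service iptables save` writes), ignoring timestamps and packet counters, and grep cron entries for anything that would reload rules. The rulesets and the crontab below are constructed samples; on a real box you would feed in `iptables-save` output, the saved file and the files under /etc/cron*.

```shell
# Constructed sample of /etc/sysconfig/iptables, the file "service iptables save" writes on RH9.
SAVED_RULES='# Generated by iptables-save v1.2.7a on Mon Sep 29 12:00:00 2003
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Mon Sep 29 12:00:00 2003'

# Constructed sample of what "iptables-save" printed later: port 80 is gone, a REJECT appeared.
LIVE_RULES='# Generated by iptables-save v1.2.7a on Mon Sep 29 14:00:00 2003
*filter
:INPUT ACCEPT [1234:567890]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Sep 29 14:00:00 2003'

# Constructed crontab: one commented-out entry and one live entry that reloads a ruleset hourly.
CRON_SAMPLE='# 0 * * * * root /etc/init.d/iptables restart
30 * * * * root /sbin/iptables-restore < /root/rules.fw
0 4 * * * root /usr/sbin/logrotate /etc/logrotate.conf'

# Drop the "# Generated/Completed" comments and the [packets:bytes] counters so only policy is compared.
normalize_rules() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//' -e 's/^\[[0-9]*:[0-9]*\] //'
}

# Compare saved ($1) and live ($2) rulesets: print "- rule" for rules that vanished and
# "+ rule" for rules that appeared. Returns 0 when identical, 1 when they drifted.
ruleset_drift() {
    a=$(mktemp); b=$(mktemp)
    printf '%s\n' "$1" | normalize_rules | sort > "$a"
    printf '%s\n' "$2" | normalize_rules | sort > "$b"
    comm -23 "$a" "$b" | sed 's/^/- /'
    comm -13 "$a" "$b" | sed 's/^/+ /'
    if cmp -s "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return $rc
}

# Print uncommented crontab lines (stdin) that invoke the iptables tooling; exits 0 if any are found.
scan_cron_for_iptables() {
    grep -v '^[[:space:]]*#' | grep -E 'iptables-(save|restore)|service +iptables|/etc/init\.d/iptables'
}

ruleset_drift "$SAVED_RULES" "$LIVE_RULES" || echo "live ruleset differs from saved file"
printf '%s\n' "$CRON_SAMPLE" | scan_cron_for_iptables
```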
