LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 01-28-2012, 03:19 PM   #1
anirvana
Member
 
Registered: Mar 2007
Posts: 30

Rep: Reputation: 15
Smile Problem saving iptables rules in Ubuntu 8.10


Hello all,
I have been trying to save some modifications to my iptables rules and have been observing some interesting, but frustrating, behavior. Any help/advice is very appreciated.

What am I trying to do: open up a port using iptables.
What have I done:
-created an iptables backup with iptables-save, modified it, used iptables-restore
-modified /etc/network/interface to contain pre-up iptables-restore and post-down iptables-save statement
-modified /etc/network/-if-pre-up.d/iptables to conatin shell command to use iptables-restore

The problem: When I log out of my ssh session, iptables goes back to what it was without the statement to open up the port I want to.

When I log in again, use iptables-restore and use iptables -L -v I can see that the necessary statements are in the iptables rules.

Once again when I log out, the rules get changed, the port gets shut down. I have tried doing this in a screen session and detaching from it and then closing down my ssh session, yet no success.

What can I do to make sure iptables does not restore to original state after I log out?

Thanks.
 
Old 01-28-2012, 03:58 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

Hi anirvana,

Need to know if you are saving your firewall rules to a file or not. If not then do it the following way:

1. Make a backup of initial rules using the following command:

Code:
sudo iptables-save > /etc/initial-rules.txt
2. Edit your firewall rules and save the iptables as follows:

Code:
sudo iptables-save > /etc/iptablesrules-edited.txt
Quote:
-modified /etc/network/-if-pre-up.d/iptables to conatin shell command to use iptables-restore
Use the following command to restore it:

Code:
iptables-restore < /etc/iptablesrules-edited.txt
One thing that I would like to point out is that Ubuntu 8.10 is pretty old and its supported ended way back. It will be a good idea to upgrade your system.
 
Old 01-28-2012, 04:09 PM   #3
anirvana
Member
 
Registered: Mar 2007
Posts: 30

Original Poster
Rep: Reputation: 15
@ T3RM1NVT0R

Thanks for the reply. Yes, you are right, the system I inherited is pretty old! I will be upgrading it :-)

The interesting thing is when I use iptables-restore to load in the modified iptables rules, and do iptables -L -v everything is as it should be, ports are open etc.. as soon as I logout of the ssh session, port shuts down. Again, when I log in, usin iptables -L -v, the modified entry loaded via iptables-restore is no longer there!

kind of tearing my remaining hair

I will keep plugging away at this.
 
Old 01-28-2012, 04:15 PM   #4
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

Are you doing it the same way I mentioned in my previous post. I have tested this on my Ubuntu system and it works fine even after reboot.
 
Old 01-28-2012, 04:27 PM   #5
anirvana
Member
 
Registered: Mar 2007
Posts: 30

Original Poster
Rep: Reputation: 15
yes, just tried it. Somehow after logging out of ssh session, something is overwriting my changes!
 
Old 01-28-2012, 04:34 PM   #6
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

Did you check the user's (account with which you are logging) .bash_logout. If not then check it out. It might be possible that you have set some instructions related to iptables there and probably forgot about them.
 
Old 01-28-2012, 04:38 PM   #7
anirvana
Member
 
Registered: Mar 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Brilliant! I found the issue in .bashrc of the user. Apparently, someone got inspired to leave in a iptables-restore line in .bashrc that was overwriting my changes!

Thank you very much! Life is peaceful once again ... :-)
 
Old 01-28-2012, 04:50 PM   #8
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

Great!!! Good to hear that you got it sorted. I thought of it because some administrator use this as failsafe. Suppose they set up a rule to block ssh and what if they will log out and then not able to ssh back into the machine.

Usually they do remove after testing but in your case it appears that someone forgot to remove after testing :-)

Enjoy linux!!!
 
  


Reply

Tags
iptables, logout, ssh, ubuntu


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Some iptables rules are not working on Ubuntu 8.10 server PossumJerky Linux - Security 1 02-04-2009 08:47 AM
IPTables not saving rules linuxmandrake Suse/Novell 3 10-05-2007 02:43 PM
iptables rules problem robert.ion Linux - Networking 5 06-05-2007 03:06 AM
iptables rules for an ubuntu gateway (filtering connections to and from Internet) Zingaro2002 Linux - Networking 4 05-06-2007 03:01 AM
IPTABLES rules not saving on reboot blueplazma Linux - Security 1 01-02-2003 10:36 PM


All times are GMT -5. The time now is 02:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration