Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Ugh. I figured out how to uninstall the app with a rpm -e <rpm name> command. I then deleted the /etc/rc.firewall config file that it created. Now the iptables service won't start (even after a reboot). service iptables start doesn't do anything, and a service iptables status just reads: Firewall is stopped.
Is there a log file I can look at to see what might be broken?
-Evan
What does iptables -nvL show now?
It doesn't sound like anything is broken, it sounds like it was properly set back into default.
I'm on my way out, so I won't get your reply until later today. But I wanted to leave this script here with you. Basically, execute it and it'll populate your /etc/sysconfig/iptables file for you. You should then be able to reboot and see that the port 1521/TCP rule is loaded, with logging enabled. You can then proceed to confirm it works by doing a port scan.
Code:
Chain INPUT (policy ACCEPT 2336 packets, 2050K bytes)
pkts bytes target port opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target port opt in out source destination
Chain OUTPUT (policy ACCEPT 2526 packets, 2536K bytes)
pkts bytes target port opt in out source destination
----
Looks like this is a normal "clean" config, correct?
Thanks so much for the script!! And thanks for adding the logging setting too! I'll run that today. What is the process for adding new "deny" ports? Just go into /etc/sysconfig/iptables and add a new line, using the same syntax as the ones you listed?
Yeah, that looks like the bug that's biting you. In fact, Red Hat themselves have a bug number assigned to this issue. The patch seems simple enough if you wanna go for it. Needless to say, backup the file before you edit it!
As for adding ports, I'd suggest editing the script and then re-executing it. This way your /etc/sysconfig/iptables file gets populated by the iptables-save binary itself, reducing the risk of human error.
Hey, thanks again. I'm trying to install that patch, but it doesn't include instructions for how to install the ".diff" attachment that they let you download. I tried just running it straight from a command line (like a .sh file) but it didn't work. Probably something easy I'm missing? This is the content of the file:
--- iptables.init 2004-09-17 11:41:31.000000000 +0100
+++ iptables.init.raw 2008-06-02 12:06:58.000000000 +0100
@@ -120,6 +120,11 @@
for i in $tables; do
echo -n "$i "
case "$i" in
+ raw)
+ $IPTABLES -t raw -P PREROUTING $policy \
+ && $IPTABLES -t raw -P OUTPUT $policy \
+ || let ret+=1
+ ;;
filter)
$IPTABLES -t filter -P INPUT $policy \
&& $IPTABLES -t filter -P OUTPUT $policy \
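Review bot: the new raw) arm mirrors filter) exactly, including the `|| let ret+=1` failure accounting, and PREROUTING and OUTPUT are the only built-in chains of the raw table, so the arm itself is complete; what the hunk does not show is whether the case statement has a default `*)` arm. Without one, any name in $tables that has no matching arm is printed by `echo -n "$i "` and then silently skipped without bumping ret, so the exit status would not reflect that a table was left with its old policy. Worth checking the rest of the case before applying. The hunk header (-120,6 +120,11) is consistent with the five added lines.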
A diff is intended to be applied using the patch command. In this case, however, the diff is so small that you could easily do it by hand (it's still a good idea for you to learn to use the patch command later on, though). Basically, the lines beginning with a plus sign mean that the line is to be added. The lines without a plus (or minus) sign are there to provide context, so you can know what the chunk you need to edit looks like. In this case, you're basically inserting this:
Code:
raw)
$IPTABLES -t raw -P PREROUTING $policy \
&& $IPTABLES -t raw -P OUTPUT $policy \
|| let ret+=1
;;
...right before the "filter)" line.
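The patch(1) route described above, as an added example that is not from the thread: a constructed stand-in for the init script and a constructed diff of the same shape as the one quoted are written to a temp directory, a backup is taken, the diff is dry-run first, then applied, and the result is checked. It assumes patch(1) is installed; the file contents are not the real Red Hat init script.

```shell
#!/bin/sh
# Added example: apply a unified diff with patch(1) instead of executing the
# .diff as a script. Everything below is constructed for the demo.
apply_raw_patch() {
  work=$(mktemp -d) || return 1
  # Constructed fragment standing in for /etc/init.d/iptables
  cat > "$work/iptables.init" <<'EOF'
for i in $tables; do
    echo -n "$i "
    case "$i" in
        filter)
            $IPTABLES -t filter -P INPUT $policy \
                && $IPTABLES -t filter -P OUTPUT $policy \
                || let ret+=1
            ;;
    esac
done
EOF
  # Constructed unified diff: 3 lines of context, 5 added lines, 3 lines of context
  cat > "$work/raw.diff" <<'EOF'
--- iptables.init
+++ iptables.init.raw
@@ -1,6 +1,11 @@
 for i in $tables; do
     echo -n "$i "
     case "$i" in
+        raw)
+            $IPTABLES -t raw -P PREROUTING $policy \
+                && $IPTABLES -t raw -P OUTPUT $policy \
+                || let ret+=1
+            ;;
         filter)
             $IPTABLES -t filter -P INPUT $policy \
                 && $IPTABLES -t filter -P OUTPUT $policy \
EOF
  # Back up the file before touching it, as the thread advises
  cp "$work/iptables.init" "$work/iptables.init.orig" || return 1
  # -p0: use the path from the diff header as-is; --dry-run checks the
  # hunk applies cleanly before the file is modified
  ( cd "$work" \
    && patch -p0 --dry-run < raw.diff >/dev/null \
    && patch -p0 < raw.diff >/dev/null ) || return 1
  # Confirm the raw) arm now sits before filter) in the patched file
  result=$(awk '/raw\)/{r=NR} /filter\)/{f=NR}
                END{print (r && f && r<f) ? "ok" : "fail"}' "$work/iptables.init")
  rm -rf "$work"
  echo "$result"
}
```

Running `apply_raw_patch` prints `ok` when the hunk applied in the right place; a hunk that no longer matches the context lines makes the dry run fail and leaves the original untouched.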
Those tables are included in the script I posted in order to make sure absolutely everything is clean and pristine, which is something I consider to be a good habit.