[SOLVED] Problem saving iptables rules in Ubuntu 8.10
Hello all,
I have been trying to save some modifications to my iptables rules and have been observing some interesting, but frustrating, behavior. Any help/advice is much appreciated.
What am I trying to do: open up a port using iptables.
What have I done:
-created an iptables backup with iptables-save, modified it, used iptables-restore
-modified /etc/network/interface to contain pre-up iptables-restore and post-down iptables-save statement
-modified /etc/network/-if-pre-up.d/iptables to contain shell command to use iptables-restore
The problem: When I log out of my ssh session, iptables goes back to what it was without the statement to open up the port I want to.
When I log in again, use iptables-restore and use iptables -L -v I can see that the necessary statements are in the iptables rules.
Once again when I log out, the rules get changed, the port gets shut down. I have tried doing this in a screen session and detaching from it and then closing down my ssh session, yet no success.
What can I do to make sure iptables does not restore to original state after I log out?
-modified /etc/network/-if-pre-up.d/iptables to contain shell command to use iptables-restore
Use the following command to restore it:
Code:
iptables-restore < /etc/iptablesrules-edited.txt
One thing that I would like to point out is that Ubuntu 8.10 is pretty old and its support ended way back. It will be a good idea to upgrade your system.
Thanks for the reply. Yes, you are right, the system I inherited is pretty old! I will be upgrading it :-)
The interesting thing is when I use iptables-restore to load in the modified iptables rules, and do iptables -L -v, everything is as it should be, ports are open etc. As soon as I log out of the ssh session, the port shuts down. Again, when I log in, using iptables -L -v, the modified entry loaded via iptables-restore is no longer there!
Did you check the .bash_logout of the user (the account with which you are logging in)? If not, then check it out. It might be possible that you have set some instructions related to iptables there and probably forgot about them.
Brilliant! I found the issue in .bashrc of the user. Apparently, someone got inspired to leave in an iptables-restore line in .bashrc that was overwriting my changes!
Thank you very much! Life is peaceful once again ... :-)
Great!!! Good to hear that you got it sorted. I thought of it because some administrators use this as a failsafe. Suppose they set up a rule to block ssh: what if they log out and are then not able to ssh back into the machine?
Usually they do remove it after testing, but in your case it appears that someone forgot to remove it after testing :-)
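The cause found in this thread, a leftover iptables-restore line in a login script, can be searched for systematically instead of by guessing which file to open. The shell sketch below is an added example, not part of the original posts; the function names, the list of files checked and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find firewall commands hidden in shell startup/logout files.
USER_FILES=".bashrc .bash_profile .bash_login .profile .bash_logout"

# scan_file FILE: print "FILE:LINE:TEXT" for every non-comment line that runs
# iptables/ip6tables or their -restore variants (iptables-save only reads rules).
scan_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 0
    awk -v f="$1" '
        /^[ \t]*#/ { next }            # skip full-line comments
        { line = " " $0 " " }          # pad so the command may sit at either edge
        line ~ /[^A-Za-z0-9_-]ip6?tables(-restore)?[^A-Za-z0-9_-]/ {
            printf "%s:%d:%s\n", f, NR, $0
        }' "$1"
}

# scan_home DIR: check the dotfiles a shell reads at login, start-up or logout.
scan_home() {
    for name in $USER_FILES; do
        scan_file "$1/$name"
    done
}

# scan_system [ROOT]: check system-wide shell files and ifupdown hooks under ROOT.
scan_system() {
    root="${1:-}"
    for f in "$root/etc/profile" "$root/etc/bash.bashrc" \
             "$root/etc/bash.bash_logout" "$root"/etc/profile.d/*.sh \
             "$root/etc/network/interfaces" "$root"/etc/network/if-*.d/*; do
        scan_file "$f"
    done
}

# make_sample_home: constructed sample data reproducing the thread's situation.
make_sample_home() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alias ll="ls -l"' \
        '# iptables-restore < /etc/old.rules' \
        'iptables-restore < /etc/iptables.rules' > "$d/.bashrc"
    printf '%s\n' 'iptables-save > /tmp/last.rules' > "$d/.bash_logout"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    home=$(make_sample_home) && scan_home "$home"
    rm -rf "$home"
fi
```

Each reported line is only a candidate: a line that merely names a path ending in iptables also matches, so read every hit before removing anything.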