[SOLVED] Problem saving iptables rules in Ubuntu 8.10

anirvana · 01-28-2012, 02:19 PM

Hello all,
I have been trying to save some modifications to my iptables rules and have been observing some interesting, but frustrating, behavior. Any help/advice is very appreciated.

What am I trying to do: open up a port using iptables.
What have I done:
-created an iptables backup with iptables-save, modified it, used iptables-restore
-modified /etc/network/interface to contain pre-up iptables-restore and post-down iptables-save statement
-modified /etc/network/-if-pre-up.d/iptables to conatin shell command to use iptables-restore

The problem: When I log out of my ssh session, iptables goes back to what it was without the statement to open up the port I want to.

When I log in again, use iptables-restore and use iptables -L -v I can see that the necessary statements are in the iptables rules.

Once again when I log out, the rules get changed, the port gets shut down. I have tried doing this in a screen session and detaching from it and then closing down my ssh session, yet no success.

What can I do to make sure iptables does not restore to original state after I log out?

Thanks.

T3RM1NVT0R · 01-28-2012, 02:58 PM

Hi anirvana,

Need to know if you are saving your firewall rules to a file or not. If not then do it the following way:

1. Make a backup of initial rules using the following command:

Code:

sudo iptables-save > /etc/initial-rules.txt

2. Edit your firewall rules and save the iptables as follows:

Code:

sudo iptables-save > /etc/iptablesrules-edited.txt

Quote:

-modified /etc/network/-if-pre-up.d/iptables to conatin shell command to use iptables-restore

Use the following command to restore it:

Code:

iptables-restore < /etc/iptablesrules-edited.txt

One thing that I would like to point out is that Ubuntu 8.10 is pretty old and its supported ended way back. It will be a good idea to upgrade your system.

anirvana · 01-28-2012, 03:09 PM

@ T3RM1NVT0R

Thanks for the reply. Yes, you are right, the system I inherited is pretty old! I will be upgrading it :-)

The interesting thing is when I use iptables-restore to load in the modified iptables rules, and do iptables -L -v everything is as it should be, ports are open etc.. as soon as I logout of the ssh session, port shuts down. Again, when I log in, usin iptables -L -v, the modified entry loaded via iptables-restore is no longer there!

kind of tearing my remaining hair

I will keep plugging away at this.

T3RM1NVT0R · 01-28-2012, 03:15 PM

Are you doing it the same way I mentioned in my previous post. I have tested this on my Ubuntu system and it works fine even after reboot.

anirvana · 01-28-2012, 03:27 PM

yes, just tried it. Somehow after logging out of ssh session, something is overwriting my changes!

T3RM1NVT0R · 01-28-2012, 03:34 PM

Did you check the user's (account with which you are logging) .bash_logout. If not then check it out. It might be possible that you have set some instructions related to iptables there and probably forgot about them.

anirvana · 01-28-2012, 03:38 PM

Brilliant! I found the issue in .bashrc of the user. Apparently, someone got inspired to leave in a iptables-restore line in .bashrc that was overwriting my changes!

Thank you very much! Life is peaceful once again ... :-)

T3RM1NVT0R · 01-28-2012, 03:50 PM

Great!!! Good to hear that you got it sorted. I thought of it because some administrator use this as failsafe. Suppose they set up a rule to block ssh and what if they will log out and then not able to ssh back into the machine.

Usually they do remove after testing but in your case it appears that someone forgot to remove after testing :-)

Enjoy linux!!!