LinuxQuestions.org

ronban 05-27-2014 05:38 AM

iptables keeps loading instead of the service being switched off
 
I have this server where I used iptables some time back for redirection. Now I am starting the server with configured ports, so I don't need to use port redirection. I have set the iptables to off mode for all runtimes using this:

Code:

chkconfig iptables off

After that, whenever I restart the server, I always find the iptables status as shown in the image below.



Now the moment I restart the iptables service, it takes up the allow-all rules which I have set up by default.

Now every day I start up the server, I need to manually stop the iptables service. Worst part is even a cron job to stop the service doesn't work. All other cron jobs work fine.

Any pointers will help. The server used is Red Hat Enterprise Linux.

GunFighT 05-27-2014 07:14 AM

Did you search in /etc/rc.local to see if there is some kind of command/script that starts the firewall at startup?

ronban 05-27-2014 09:22 AM

Nope, the file has nothing related to iptables. Here goes:



Code:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
if [ ! -d /root/.ssh ] ; then
    mkdir -p /root/.ssh
    chmod 0700 /root/.ssh
    restorecon /root/.ssh
fi

# bz 707364
if [ ! -f /etc/blkid/blkid.tab ] ; then
        blkid /dev/xvda &>/dev/null
fi

ATTEMPTS=5
FAILED=0
# Fetch public key using HTTP
while [ ! -f /root/.ssh/authorized_keys ]; do
    curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/aws-key 2>/dev/null
    if [ $? -eq 0 ]; then
        cat /tmp/aws-key >> /root/.ssh/authorized_keys
        chmod 0600 /root/.ssh/authorized_keys
        restorecon /root/.ssh/authorized_keys
        rm -f /tmp/aws-key
        echo "Successfully retrieved AWS public key from instance metadata"
    else
        FAILED=$(($FAILED + 1))
        if [ $FAILED -ge $ATTEMPTS ]; then
            echo "Failed to retrieve AWS public key after $FAILED attempts, quitting"
            break
        fi
        echo "Could not retrieve AWS public key (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
        sleep 5
    fi
done


GunFighT 05-27-2014 02:00 PM

Well, you can try by using this command in rc.local, when the server starts up:
Code:

/etc/init.d/iptables stop

That's for a fast solution...

ronban 05-27-2014 02:02 PM

Finally found the error. Silly mistake. The GlassFish server script was starting the firewall.
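
The cause found in this thread, another service's startup script bringing the firewall up, is something `chkconfig iptables off` does not cover. As an added example (not code from any poster), this shell function scans boot-time locations for active lines that start iptables; the list of scanned paths, the `appserver` script and the sample tree are constructed assumptions.

```shell
#!/bin/sh
# Added example: report boot-time scripts that start, restart or reload iptables.

# Print "file:line:text" for every active (non-comment) line that brings the
# firewall up. ROOT is a filesystem prefix; pass "" to scan the live system.
find_iptables_starters() {
    root="${1:-}"
    # Assumed list of places a SysV-init RHEL host runs commands from at boot.
    for path in etc/init.d etc/rc.local etc/cron.d etc/crontab var/spool/cron; do
        target="$root/$path"
        [ -e "$target" ] || continue
        # -R follows symlinked scripts, -I skips binaries, -n/-H add line and file.
        grep -RInHE \
            '(service[[:space:]]+iptables|init\.d/iptables)[[:space:]]+(start|restart|reload)|iptables-restore' \
            "$target" 2>/dev/null || true
    done |
    # Skip the iptables init script itself and commented-out lines.
    awk -F: '$1 !~ /\/init\.d\/iptables$/ && $3 !~ /^[ \t]*#/' |
    sort -u
}

# Build a constructed sample /etc tree (not taken from the thread) and echo its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/init.d" "$t/etc/cron.d"
    # rc.local with only a commented-out start: must not be reported.
    printf '%s\n' '#!/bin/sh' '# service iptables start' \
        'touch /var/lock/subsys/local' > "$t/etc/rc.local"
    # The firewall's own init script mentions itself: must not be reported.
    printf '%s\n' '#!/bin/sh' 'echo "Usage: /etc/init.d/iptables start|stop"' \
        > "$t/etc/init.d/iptables"
    # Hypothetical application server init script that restarts the firewall.
    printf '%s\n' '#!/bin/sh' '# hypothetical app server init script' \
        'service iptables restart' '/opt/appserver/bin/start-server' \
        > "$t/etc/init.d/appserver"
    # A cron entry that only stops the firewall: must not be reported.
    printf '%s\n' '0 6 * * * root /etc/init.d/iptables stop' > "$t/etc/cron.d/fw"
    echo "$t"
}

# Demo on the constructed tree; on a real host run: find_iptables_starters ""
demo_root=$(make_sample_tree)
find_iptables_starters "$demo_root"
rm -rf "$demo_root"
```

On the constructed tree only the `appserver` line is reported; the commented-out line in `rc.local`, the `stop` cron entry and the iptables init script itself are filtered out.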

