[SOLVED] iptables keeps loading instead of the service being switched off

ronban · 05-27-2014, 05:38 AM

I have this server where I have used Iptables some time back to use redirection. Now I am starting the server with configured ports so I don't need to use port redirection. I have set the iptables to off mode for all runtimes using this

Code:

chkconfig iptables off

After that whenever I restart the server, I always find the iptables status as shown in the image below

Now the moment I restart the iptables service, it takes up the allow all rules which I have I set up by default.

Now every day I startup the server, I need to manually stop the iptables service. Worst part is even a cron job to stop the service doesn't work. All other cron jobs work fine.

Any pointers will help. server used is Red Hat Enterprise Linux.

GunFighT · 05-27-2014, 07:14 AM

Did you searched in /etc/rc.local to see if there is somechind of command/script that stars the firewall at startup?

ronban · 05-27-2014, 09:22 AM

Nopes the file has nothing related to iptables. Here goes

Code:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
if [ ! -d /root/.ssh ] ; then
    mkdir -p /root/.ssh
    chmod 0700 /root/.ssh
    restorecon /root/.ssh
fi

# bz 707364
if [ ! -f /etc/blkid/blkid.tab ] ; then
        blkid /dev/xvda &>/dev/null
fi

ATTEMPTS=5
FAILED=0
# Fetch public key using HTTP
while [ ! -f /root/.ssh/authorized_keys ]; do
    curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/aws-key 2>/dev/null
    if [ $? -eq 0 ]; then
        cat /tmp/aws-key >> /root/.ssh/authorized_keys
        chmod 0600 /root/.ssh/authorized_keys
        restorecon /root/.ssh/authorized_keys
        rm -f /tmp/aws-key
        echo "Successfully retrieved AWS public key from instance metadata"
    else
        FAILED=$(($FAILED + 1))
        if [ $FAILED -ge $ATTEMPTS ]; then
            echo "Failed to retrieve AWS public key after $FAILED attempts, quitting"
            break
        fi
        echo "Could not retrieve AWS public key (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
        sleep 5
    fi
done

GunFighT · 05-27-2014, 02:00 PM

Well, you can try by using this command in rc.local, when the server starts up:

Code:

/etc/init.d/iptables stop

That`s for a fast solution...

ronban · 05-27-2014, 02:02 PM

Finally found the error. Silly mistake. The Glasffish server script the starting the firewall.