Hi all!

I recently installed Mandrake 10. I have since set security level to 4 (higher)
I have altered the iptables (using shorewall) in Webmin. I have opened ports 22, 25, 80, 110 and 443. However, port 25 always gets closed by some process.

When i see that port 25 gets closed (drops packets) i go to webmin and see that the shorewall is not "running".
If i select to start shorewall, port 25 is opened again but some 30 minutes later the port is, again, closed and Shorewall appears not to be "running"

(I know shorewall is not a process. I do not know what webmin means by it being "running" or "stopped", could it have to do with something in the netfilter module/iptables rules being reset/modified?)

I'm no master of Linux, just want to run my mail server (and yes, i have configured Postfix to not to act as open relay :-)

I suspect this has something to do with msec but i can not find anything in the configuration files that seems to be causing this. Maybe msec enforces certain set of firewall rules and checks these every 30-60 minutes?

Thankful for any help on the subject...

Had similar problem with tcpwrapper (hosts.allow/hosts.deny) Even though i deselected authoristaion by tcpwrapper in the "control panel" msec still kept adding ALL:ALL to hosts.deny. I don't give a toss about these files as i rely on the firewall to manage incoming connections fro internet and want to allow full connectivity on my LAN
I solved this by adding ALL:ALL in hosts.allow :-)

Ahh.. found the reason at last..
I had installed firestarter package nad the iptables rules were being replaced by the firestarter configuration. Still don't know which process was doing this (and didn't find anything in cron) but removing firestarter solved the problem.. Now the rules created in shorewall are sticking, at last...