Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
12-13-2006, 05:05 PM | #1
Member | Registered: Oct 2006 | Location: Ogden, Utah | Distribution: Fedora 10 | Posts: 66
Rules return after delete and iptables-save
I run a website server on Fedora Core 6. I am reworking my iptables configuration to tighten up my security. I basically just want to flush all my rules and redo the whole thing.
So I flushed my iptables configuration with iptables -F and then appended a new set of rules. I then used iptables-save and restarted iptables to see what would happen, and all my old rules came back.
I'm missing something here, aren't I?
Any suggestions?
Last edited by Madone_SL_5.5; 12-13-2006 at 05:24 PM.
12-13-2006, 05:24 PM | #2
Member | Registered: Sep 2002 | Posts: 310
Perhaps give us more detail, for example:
1. System boots
2. iptables -F
3. iptables -A ...
4. iptables-save
5. Reboot
Not sure what to expect at this point. Also include output from `which iptables-save` please.
12-13-2006, 05:30 PM | #3
Member (Original Poster) | Registered: Oct 2006 | Location: Ogden, Utah | Distribution: Fedora 10 | Posts: 66
I perform the following steps:
1. System running
2. iptables -F
3. iptables -A INPUT -j ACCEPT
4. iptables -A FORWARD -j REJECT
5. iptables -A OUTPUT -j ACCEPT
6. iptables-save
7. /etc/init.d/iptables restart
`which iptables-save` results in /sbin/iptables-save
Regardless of whether I add or delete rules, I always end up with the same rules as before.
Last edited by Madone_SL_5.5; 12-13-2006 at 05:31 PM.
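The procedure in the post above, as an added example that is not part of the thread. It assumes the Fedora-style init script, whose start/restart reloads whatever is in /etc/sysconfig/iptables, while `iptables-save` on its own only prints the running rules to stdout and writes no file; the script therefore writes the ruleset to that file first (path overridable through RULES_FILE) and then loads it with iptables-restore. The function names, the rule set (constructed here, shaped after the `iptables -nvL` listing in this thread) and the server address are assumptions, not the poster's configuration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Fedora-style init script,
# whose "start"/"restart" runs iptables-restore on /etc/sysconfig/iptables;
# iptables-save alone prints the running rules to stdout and writes nothing.

RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"

# Emit a complete ruleset in iptables-save format. The rules are constructed
# for this example (shaped after the listing in the thread, with the server
# address as a parameter), not taken from the poster's configuration.
build_ruleset() {
    br_host="${1:-192.168.0.100}"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1 -d $br_host -j ACCEPT
-A INPUT -p icmp -d $br_host -j ACCEPT
-A INPUT -p tcp -d $br_host --dport 22 -j ACCEPT
-A INPUT -p tcp -d $br_host --dport 25 -j ACCEPT
-A INPUT -p tcp -d $br_host --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Parse-only check of a ruleset file (iptables-restore --test, available on
# current iptables releases); needs root and iptables on the machine.
check_ruleset() {
    iptables-restore --test < "$1"
}

# Write the ruleset to the file the init script reads, keeping a backup of
# the previous file, so the rules survive a "restart" and a reboot.
persist_ruleset() {
    pr_file="$1"
    pr_tmp="$pr_file.new.$$"
    build_ruleset "$2" > "$pr_tmp" || return 1
    if [ -f "$pr_file" ]; then
        cp -p "$pr_file" "$pr_file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    chmod 600 "$pr_tmp" && mv "$pr_tmp" "$pr_file"
}

# Number of rules (-A lines) in a saved ruleset file.
count_rules() {
    grep -c '^-A ' "$1"
}

# The thread's steps in the order that actually sticks: write the file first,
# then load it; the old rules can no longer come back on restart.
apply_and_persist() {
    persist_ruleset "$RULES_FILE" "$1" || return 1
    iptables-restore < "$RULES_FILE"
}

# Usage as root: apply_and_persist 192.168.0.100
```

The file is written with mode 600 because a readable rule file tells anyone on the box exactly which ports are open and to which address; the dated backup makes it easy to roll back if the new set locks you out of SSH.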
12-13-2006, 05:35 PM | #4
Member | Registered: Sep 2002 | Posts: 310
Can you post the output of `iptables -nvL` before and after that process?
12-13-2006, 05:44 PM | #5
Member (Original Poster) | Registered: Oct 2006 | Location: Ogden, Utah | Distribution: Fedora 10 | Posts: 66
iptables -nvL
`iptables -nvL` after the process, when all the rules have come back, shows the following. It is the same as before:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
157 13422 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 240 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.100 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.100 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.100 tcp dpt:80
0 0 ACCEPT all -- * * 127.0.0.1 192.168.0.100
0 0 ACCEPT icmp -- * * 0.0.0.0/0 192.168.0.100
0 0 REJECT all -- * * 0.0.0.0/0 192.168.0.100 reject-with icmp-port-unreachable
30 3927 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
119 13796 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
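An added example (not from the thread) of the before/after comparison reply #4 asks for, done so that the packet and byte counters, which change between every capture, cannot hide or fake a difference: each `iptables -nvL` listing is normalized by stripping counters and column headers, then the two are compared. The "before" sample is the listing posted above; the "after" sample is constructed to match the three rules appended in post #3 and is not real output from that machine; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Compares two `iptables -nvL` listings
# while ignoring the packet/byte counters, which change between every capture.

# Normalize a listing read from stdin: strip per-chain and per-rule counters,
# drop the column header and blank lines, collapse whitespace. Two listings
# then compare equal exactly when their policies and rules match.
normalize_listing() {
    awk '
        /^Chain / { sub(/ [0-9]+[KMG]? packets, [0-9]+[KMG]? bytes\)/, ")"); print; next }
        /^ *pkts +bytes +target/ { next }
        /^ *[0-9]+[KMG]? +[0-9]+[KMG]? +/ { sub(/^ *[0-9]+[KMG]? +[0-9]+[KMG]? +/, ""); $1 = $1; print; next }
        NF { $1 = $1; print }
    '
}

# Number of rules in a saved listing file (every normalized line that is not
# a chain header).
rule_count() {
    normalize_listing < "$1" | grep -vc '^Chain '
}

# Compare two saved listing files after normalization. Exit 0 if the rulesets
# are the same, 1 if they differ (a unified diff is printed when diff exists).
compare_listings() {
    cl_a=$(normalize_listing < "$1")
    cl_b=$(normalize_listing < "$2")
    if [ "$cl_a" = "$cl_b" ]; then
        return 0
    fi
    cl_ta=$(mktemp); cl_tb=$(mktemp)
    printf '%s\n' "$cl_a" > "$cl_ta"
    printf '%s\n' "$cl_b" > "$cl_tb"
    diff -u "$cl_ta" "$cl_tb" 2>/dev/null || true
    rm -f "$cl_ta" "$cl_tb"
    return 1
}

# Sample "before": the listing posted in the thread (counters as posted).
sample_before() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
157 13422 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 240 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.100 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.100 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.100 tcp dpt:80
0 0 ACCEPT all -- * * 127.0.0.1 192.168.0.100
0 0 ACCEPT icmp -- * * 0.0.0.0/0 192.168.0.100
0 0 REJECT all -- * * 0.0.0.0/0 192.168.0.100 reject-with icmp-port-unreachable
30 3927 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
119 13796 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
EOF
}

# Sample "after": constructed for this example to match the three rules the
# original poster appended (not real output from that machine).
sample_after() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 12 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   960 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    9   700 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Usage on a live system: iptables -nvL > before.txt; change the rules;
# iptables -nvL > after.txt; compare_listings before.txt after.txt
```

A listing that compares equal to "before" after the flush-and-append sequence is the positive confirmation that nothing was persisted; run against a saved known-good listing, the same check also catches rules that were changed without going through the saved file.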
12-15-2006, 11:30 AM | #6
Member | Registered: Sep 2002 | Posts: 310
Please post your full process and wrap the segments in CODE tags so the formatting is maintained. Additionally, please cat your /etc/init.d/iptables script and post that as well (in CODE tags).