Iptables change on ifup

Support for security such as firewalls and securing Linux
chebi
Posts: 17
Joined: 2007/03/07 01:18:22
Location: Montevideo, Uruguay

Iptables change on ifup

Post by chebi » 2007/03/19 18:44:04

I configured the firewall using system-config-securitylevel. I changed some things so I can give access to certain services from outside (ssh, etc.) and I applied the changes. iptables -L shows the changes and everything is working. But if I restart the network interfaces, the rules in iptables change. I can't figure out who is changing them; I looked in the ifup scripts and it seems it's calling the correct iptables file in /etc/sysconfig....

Any help??

thanks
chebi

michaelnel
Posts: 1478
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

Iptables change on ifup

Post by michaelnel » 2007/03/19 21:38:44

Is the /etc/sysconfig/iptables file getting changed, or just the state (in memory) of the firewall setup?

If instead of using ifup and ifdown you do "service network restart", does the firewall state change?

When you made your changes, did you do something like "iptables-save > /etc/sysconfig/iptables" ?

chebi
Posts: 17
Joined: 2007/03/07 01:18:22
Location: Montevideo, Uruguay

Re: Iptables change on ifup

Post by chebi » 2007/03/19 22:13:59

[quote]
Is the /etc/sysconfig/iptables file getting changed, or just the state (in memory) of the firewall setup?
[/quote]

just the state in memory

[quote]
If instead of using ifup and ifdown you do "service network restart", does the firewall state change?
[/quote]

same outcome

[quote]
When you made your changes, did you do something like "iptables-save > /etc/sysconfig/iptables" ?
[/quote]

tried that, same outcome

chebi
Posts: 17
Joined: 2007/03/07 01:18:22
Location: Montevideo, Uruguay

Re: Iptables change on ifup

Post by chebi » 2007/03/19 22:18:04

The changes in the iptables rules affect only the INPUT; someone flushes them and then puts in 4 rules that drop, if I understand them right, everything.

chebi
Posts: 17
Joined: 2007/03/07 01:18:22
Location: Montevideo, Uruguay

Re: Iptables change on ifup

Post by chebi » 2007/03/21 01:28:48

OK, it's fixed. In /etc/sysconfig/network-scripts/ifcfg-ppp0 there was an option FIREWALL=MASQUERADE that called a script configuring iptables for a masquerade option; I removed the line and that was that......

It was driving me crazy......
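
An added example, not part of the thread: a small shell audit for the failure mode found above, where an option in an `ifcfg-*` file rewrites the in-memory rules on ifup while `/etc/sysconfig/iptables` stays untouched. The function names are hypothetical, and the comparison assumes the saved file was written with `iptables-save`, so both dumps use the same format.

```shell
#!/bin/sh
# Added example (not from the thread): find what rewrites the firewall on ifup.

# Print "file: FIREWALL=..." for every ifcfg-* file in directory $1 that sets
# FIREWALL= on an uncommented line (the option the thread found in ifcfg-ppp0).
find_firewall_opts() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        awk -v f="$f" '/^[ \t]*FIREWALL=/ { sub(/^[ \t]+/, ""); print f ": " $0 }' "$f"
    done
}

# Normalise an iptables-save dump: drop comment lines (they carry timestamps)
# and zero the [packets:bytes] counters so only the rules are compared.
normalise_rules() {
    sed -E -e '/^#/d' -e 's/\[[0-9]+:[0-9]+\]/[0:0]/' "$1"
}

# Exit status 0 if both dumps hold the same rules, 1 if they have drifted.
rules_match() {
    a=$(normalise_rules "$1")
    b=$(normalise_rules "$2")
    [ "$a" = "$b" ]
}

# Demo on constructed data: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf 'DEVICE=ppp0\nFIREWALL=MASQUERADE\n' > "$d/ifcfg-ppp0"
    printf '*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -p tcp --dport 22 -j ACCEPT\nCOMMIT\n' > "$d/saved"
    printf '*filter\n:INPUT DROP [7:420]\n-A INPUT -j DROP\nCOMMIT\n' > "$d/live"
    find_firewall_opts "$d"
    rules_match "$d/saved" "$d/live" || echo "live rules differ from saved file"
    rm -rf "$d"
fi
# On a real host (as root):
#   find_firewall_opts /etc/sysconfig/network-scripts
#   iptables-save > /tmp/live.rules
#   rules_match /etc/sysconfig/iptables /tmp/live.rules || echo drift
```

Running the drift check before and after `service network restart` shows whether the restart itself replaced the live rules.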


Return to “CentOS 4 - Security Support”