Re: [CentOS] [CEntOS] - problem with iptables
you helped me clear ideas
thanks for everything

2013/10/10 Reindl Harald

> On 10.10.2013 16:13, Paolo De Michele wrote:
> > sorry, but now if I modify /etc/sysconfig/iptables and I add two strings,
> > per example:
> >
> > output omitted
> > -
> > -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
> > -A INPUT -j DROP
> > --
> > output omitted
> >
> > and I do:
> >
> > service iptables save
> > and
> > restart my iptables firewall, output iptables -L is:
> >
> > -A INPUT -j DROP
> > -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
> >
> > why?
>
> *why* do you mangle around in /etc/sysconfig/iptables
> this file is written by "service iptables save"
>
> this file is *read* at iptables *startup* and written with
> the *currently* active rules with "service iptables save"
>
> man iptables
> ___
>
> #!/bin/bash
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -F
> iptables -X
> CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
> for i in $CHAINS; do iptables -t $i -F; done && echo "Flush OK" || echo "Flush FAILED"
> for i in $CHAINS; do iptables -t $i -X; done && echo "Clear OK" || echo "Clear FAILED"
> for i in $CHAINS; do iptables -t $i -Z; done
> iptables -A INPUT -p icmp -s 64.39.31.103 -j ACCEPT
> iptables -A INPUT -j DROP
> service iptables save
> ___
>
> BTW:
> nobody but you is using hostnames for iptables-rules because it is a pretty
> dumb idea to rely on a working name resolution in early boot

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CEntOS] - problem with iptables
On Thu, Oct 10, 2013 at 9:13 AM, Paolo De Michele wrote:

> sorry, but now if I modify /etc/sysconfig/iptables and I add two strings,
> per example:
>
> output omitted
> -
> -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
> -A INPUT -j DROP
> --
> output omitted
>
> and I do:
>
> service iptables save
> and
> restart my iptables firewall, output iptables -L is:
>
> -A INPUT -j DROP
> -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
>
> why?

When you do
# service iptables save
it over-writes /etc/sysconfig/iptables with the active set of
iptables, so your changes are lost.

One way to do what you want is to modify /etc/sysconfig/iptables,
then do
# service iptables restart
This will reload the iptables from /etc/sysconfig/iptables

--
Dale Dellutri

Re: [CentOS] [CEntOS] - problem with iptables
On Thu, Oct 10, 2013 at 10:13 AM, Paolo De Michele wrote:

> sorry, but now if I modify /etc/sysconfig/iptables and I add two strings,
> per example:
>
> output omitted
> -
> -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
> -A INPUT -j DROP
> --
> output omitted
>
> and I do:
>
> service iptables save
> and
> restart my iptables firewall, output iptables -L is:
>
> -A INPUT -j DROP
> -A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
>
> why?

'service iptables save' tells iptables to take what's running in
iptables RIGHT NOW and save it to that file. so your added lines got
overwritten.

so what previous replies have been expecting you to do is

boot up
login as root
start doing your commands e.g.
iptables -I INPUT -s 192.168.0.0/16 -i eth0 -j DROP
get all the iptables command entries set to how you want them, check with
iptables -L

then run 'service iptables save'
and reboot just to be sure all your rules got saved and are restored
after a boot. (although it shouldn't technically be required)

--
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.

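Added example, not part of the original thread or written by any of its participants: a pre-load check for a hand-edited rules file that flags the two problems the replies above discuss, a rule listed after a catch-all DROP and a hostname used as a source or destination. The function names `lint_rules` and `sample_rules` are hypothetical, and the sample input is constructed from the rule order quoted in the thread.

```shell
#!/bin/sh
# Added example: lint rules in iptables-save format (the format of
# /etc/sysconfig/iptables) read from stdin, before they are loaded.
# lint_rules and sample_rules are hypothetical names.

lint_rules() {
    awk '
    /^-A / {
        chain = $2
        # A rule listed after an unconditional DROP/REJECT in its chain never matches.
        if (chain in dead) {
            printf "line %d: unreachable after catch-all on line %d: %s\n", NR, dead[chain], $0
            found++
        }
        # A source/destination given as a name needs DNS when the rules load.
        for (i = 3; i < NF; i++)
            if (($i == "-s" || $i == "-d" || $i == "--source" || $i == "--destination") &&
                $(i + 1) ~ /[A-Za-z]/ && $(i + 1) !~ /:/) {
                printf "line %d: hostname in rule: %s\n", NR, $(i + 1)
                found++
            }
        # Remember the first rule of the form "-A CHAIN -j DROP" (or REJECT).
        if (NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") && !(chain in dead))
            dead[chain] = NR
    }
    END { exit (found > 0) }'
}

# Constructed sample: the rule order from the thread inside a minimal *filter table.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
COMMIT
EOF
}

sample_rules | lint_rules || echo "findings above: fix the file before loading it"
```

On a real host the check reads the file itself, for example `lint_rules < /etc/sysconfig/iptables`, and its non-zero exit status can gate the `service iptables restart` that loads the file.
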
Re: [CentOS] [CEntOS] - problem with iptables
sorry, but now if I modify /etc/sysconfig/iptables and I add two strings,
per example:

output omitted
-
-A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT
-A INPUT -j DROP
--
output omitted

and I do:

service iptables save
and
restart my iptables firewall, output iptables -L is:

-A INPUT -j DROP
-A INPUT -s ddns.no-ip.org -p icmp -j ACCEPT

why?

2013/10/10 Paolo De Michele

> ChrisG, thank you for your help
> I solved the problem but until now it had never happened with the VPS.
> iptables first started out and then edit the file /etc/sysconfig/iptables
> and chkconfig iptables on
>
> good to know
> many thanks
>
> 2013/10/10 Chris Geldenhuis
>
>> On 10/10/2013 10:09 AM, Eero Volotinen wrote:
>> > chkconfig iptables on
>> > fixes the problem..
>> > On Oct 10, 2013 10:51 AM, "Paolo De Michele"
>> > wrote:
>> >
>> >> hi all,
>> >>
>> >> I have a problem with iptables on CentOS 6.2.
>> >> I configured:
>> >>
>> >> chkconfig iptables on
>> >> and the file /etc/sysconfig/iptables
>> >>
>> >> if you reboot the machine configurations are not loaded.
>> >> iptables -L gives me the default configurations (not assigned)
>> >> if I (a machine booted): service iptables start then it works.
>> >>
>> >> how can I fix?
>> >> thanks in advance
>> >
>> After service iptables start do:
>>
>> service iptables save
>>
>> This saves your configuration for the next restart / reboot
>>
>> ChrisG

Re: [CentOS] [CEntOS] - problem with iptables
ChrisG, thank you for your help
I solved the problem but until now it had never happened with the VPS.
iptables first started out and then edit the file /etc/sysconfig/iptables
and chkconfig iptables on

good to know
many thanks

2013/10/10 Chris Geldenhuis

> On 10/10/2013 10:09 AM, Eero Volotinen wrote:
> > chkconfig iptables on
> > fixes the problem..
> > On Oct 10, 2013 10:51 AM, "Paolo De Michele"
> > wrote:
> >
> >> hi all,
> >>
> >> I have a problem with iptables on CentOS 6.2.
> >> I configured:
> >>
> >> chkconfig iptables on
> >> and the file /etc/sysconfig/iptables
> >>
> >> if you reboot the machine configurations are not loaded.
> >> iptables -L gives me the default configurations (not assigned)
> >> if I (a machine booted): service iptables start then it works.
> >>
> >> how can I fix?
> >> thanks in advance
> >
> After service iptables start do:
>
> service iptables save
>
> This saves your configuration for the next restart / reboot
>
> ChrisG

Re: [CentOS] [CEntOS] - problem with iptables
On 10/10/2013 10:09 AM, Eero Volotinen wrote:

> chkconfig iptables on
> fixes the problem..
> On Oct 10, 2013 10:51 AM, "Paolo De Michele"
> wrote:
>
>> hi all,
>>
>> I have a problem with iptables on CentOS 6.2.
>> I configured:
>>
>> chkconfig iptables on
>> and the file /etc/sysconfig/iptables
>>
>> if you reboot the machine configurations are not loaded.
>> iptables -L gives me the default configurations (not assigned)
>> if I (a machine booted): service iptables start then it works.
>>
>> how can I fix?
>> thanks in advance

After service iptables start do:

service iptables save

This saves your configuration for the next restart / reboot

ChrisG

Re: [CentOS] [CEntOS] - problem with iptables
2013/10/10 Eero Volotinen

> chkconfig iptables on
> fixes the problem..

I had already given the command but do not load configurations

Re: [CentOS] [CEntOS] - problem with iptables
chkconfig iptables on
fixes the problem..

On Oct 10, 2013 10:51 AM, "Paolo De Michele" wrote:

> hi all,
>
> I have a problem with iptables on CentOS 6.2.
> I configured:
>
> chkconfig iptables on
> and the file /etc/sysconfig/iptables
>
> if you reboot the machine configurations are not loaded.
> iptables -L gives me the default configurations (not assigned)
> if I (a machine booted): service iptables start then it works.
>
> how can I fix?
> thanks in advance

[CentOS] [CEntOS] - problem with iptables
hi all,

I have a problem with iptables on CentOS 6.2.
I configured:

chkconfig iptables on
and the file /etc/sysconfig/iptables

if you reboot the machine configurations are not loaded.
iptables -L gives me the default configurations (not assigned)
if I (a machine booted): service iptables start then it works.

how can I fix?
thanks in advance