mayukmok00
Joined: 05 Oct 2010
Posts: 4
Posted: Fri Apr 08, 2011 9:34 pm    Post subject: iptables not loading
Hi,
We are using Ubuntu 10 Lucid. The last time I checked, the firewall was running. Currently the command "iptables -nL" won't show the rules. I tried to install apf and do the configuration, but the issue persisted.
Appreciate your help.
Thank you.
System info:
root@mylinode:~# uname -a
Linux mylinode 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root@mylinode:~# dpkg -l | grep iptables
ii apf-firewall 9.7+rev1-1 easy iptables based firewall system
ii iptables 1.4.4-2ubuntu2 administration tools for packet filtering an
ii libiptables-chainmgr-perl 0.9-1 Perl extension for manipulating iptables pol
ii libiptables-parse-perl 0.7-1 Perl extension for parsing iptables firewall
Issue:
root@mylinode:~# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@mylinode:~# cat /etc/iptables.up.rules
*filter
-A INPUT -p udp -m udp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp -j ACCEPT
-A INPUT -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
COMMIT
root@mylinode:~# ps aux | grep iptables
root 508 0.0 0.0 1860 596 hvc0 S+ 02:32 0:00 grep --color=auto iptables
Vance
Joined: 18 Jan 2009
Posts: 352
Posted: Sat Apr 09, 2011 12:56 am
Looks like /etc/iptables.up.rules is not being read and applied on boot.
Given the simple set of rules you want to apply, I'd suggest using ufw. You could implement your rules with the following commands:
Code:
sudo ufw default deny
sudo ufw allow domain/udp
sudo ufw allow 20000/tcp
sudo ufw allow 10000/tcp
sudo ufw allow https/tcp
sudo ufw allow http/tcp
sudo ufw allow imaps/tcp
sudo ufw allow imap/tcp
sudo ufw allow pop3s/tcp
sudo ufw allow pop3/tcp
sudo ufw allow ftp-data/tcp
sudo ufw allow ftp/tcp
sudo ufw allow domain/tcp
sudo ufw allow ssh/tcp
sudo ufw enable
sudo ufw status
Once enabled, ufw should automatically apply these rules on each boot.
Should you go this route, I recommend doing apt-get purge apf-firewall to remove apf first to avoid having it compete with ufw. You may also have to apt-get install ufw.
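The first post shows the classic symptom of a rules file that never gets loaded at boot (every chain at "policy ACCEPT" with no rules), and Vance's reply translates that file into ufw commands by hand. The script below is an added example, not code from either poster: it derives the "ufw allow" lines directly from an iptables-save style file such as /etc/iptables.up.rules, reports which saved rules are absent from a live iptables-save dump, and reads the INPUT policy from that dump. The file contents are constructed for the example, the saved-file path and dump are passed in as arguments rather than taken from the running system, and only the simple "-A INPUT ... --dport PORT -j ACCEPT" pattern from the thread is handled.

```shell
#!/bin/sh
# Added example (not from the thread): audit a saved iptables rules file
# against a live "iptables-save" dump, and generate the matching ufw
# commands from the file instead of retyping them.

# Emit one "sudo ufw allow PORT/PROTO" line per accepted INPUT port.
# $1: path to an iptables-save format file.
rules_to_ufw() {
    awk '
        /^-A INPUT / && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            if (proto != "" && port != "")
                print "sudo ufw allow " port "/" proto
        }
    ' "$1"
}

# Print every "-A" rule from the saved file that does not appear verbatim
# in the live dump. Empty output means all saved rules are loaded.
# $1: saved rules file; $2: output of "iptables-save" captured to a file.
missing_rules() {
    grep '^-A ' "$1" | while IFS= read -r rule; do
        grep -qxF -- "$rule" "$2" || printf '%s\n' "$rule"
    done
}

# Print the INPUT chain policy (ACCEPT/DROP) recorded in a live dump.
# $1: output of "iptables-save" captured to a file.
input_policy() {
    awk -F'[ :]' '/^:INPUT / { print $3 }' "$1"
}

# Constructed sample data: a saved rules file in the style of the thread's
# /etc/iptables.up.rules, and a live dump in the "policy ACCEPT, nothing
# loaded" state from the first post.
SAVED=$(mktemp)
LIVE=$(mktemp)
cat > "$SAVED" <<'EOF'
*filter
-A INPUT -p udp -m udp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
COMMIT
EOF
cat > "$LIVE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF

echo "INPUT policy in live dump: $(input_policy "$LIVE")"
echo "Saved rules not loaded:"
missing_rules "$SAVED" "$LIVE"
echo "Equivalent ufw commands:"
rules_to_ufw "$SAVED"
```

On a real host you would capture the dump with `iptables-save > /tmp/live.rules` and point `missing_rules` at the saved file and that dump; non-empty output, together with an INPUT policy of ACCEPT, is exactly the state the first post describes. Generating the ufw list from the file rather than by hand also means every accepted port in the saved file ends up in the ufw rule set.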
mayukmok00
Joined: 05 Oct 2010
Posts: 4
Posted: Sat Apr 09, 2011 1:37 am
Hi Vance,
Thank you for the reply. The issue is now solved.
Code:
root@mylinode:/etc# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@mylinode:/etc# ufw status
Status: active
To Action From
-- ------ ----
53/udp ALLOW Anywhere
20000/tcp ALLOW Anywhere
10000/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
993/tcp ALLOW Anywhere
143/tcp ALLOW Anywhere
995/tcp ALLOW Anywhere
110/tcp ALLOW Anywhere
20/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
53/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
Also, iptables can now display the rules.
Code:
Chain INPUT (policy DROP)
num target prot opt source destination
1 ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0
2 ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
3 ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0
4 ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0
5 ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0
6 ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0
Appreciate your help.
Thanks,
mayukmok