Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking
  Print view Previous topic | Next topic 
Author Message
mayukmok00
 Post subject: iptables not loading
PostPosted: Fri Apr 08, 2011 10:34 pm 
Offline
Newbie

Joined: Tue Oct 05, 2010 9:37 am
Posts: 4
Yahoo Messenger: mayukmok00@yahoo.com
Hi,

We are using ubuntu 10 Lucid. The last time I checked the firewall was running. Currently using command "iptables -nL" won't show the rules. I tried to install apf and do the configuration but the issue persisted.

Appreciate your help.

Thank you

System info:
root@mylinode:~# uname -a
Linux mylinode 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux

root@mylinode:~# dpkg -l | grep iptables
ii apf-firewall 9.7+rev1-1 easy iptables based firewall syste
m
ii iptables 1.4.4-2ubuntu2 administration tools for packet fi
ltering an
ii libiptables-chainmgr-perl 0.9-1 Perl extension for manipulating ip
tables pol
ii libiptables-parse-perl 0.7-1 Perl extension for parsing iptable
s firewall

issue:
root@mylinode:~# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

root@mylinode:~# cat /etc/iptables.up.rules

*filter
-A INPUT -p udp -m udp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp -j ACCEPT
-A INPUT -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
COMMIT


root@mylinode:~# ps aux | grep iptables
root 508 0.0 0.0 1860 596 hvc0 S+ 02:32 0:00 grep --color=auto iptables
Top
   
Reply with quote  
Vance
 Post subject:
PostPosted: Sat Apr 09, 2011 1:56 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
Looks like /etc/iptables.up.rules is not being read and applied on boot.

Given the simple set of rules you want to apply, I'd suggest using ufw. You could implement your rules with the following commands:
Code:
sudo ufw default deny
sudo ufw allow domain/udp
sudo ufw allow 20000/tcp
sudo ufw allow 10000/tcp
sudo ufw allow https/tcp
sudo ufw allow http/tcp
sudo ufw allow imaps/tcp
sudo ufw allow imap/tcp
sudo ufw allow pop3s/tcp
sudo ufw allow pop3/tcp
sudo ufw allow ftp-data/tcp
sudo ufw allow ftp/tcp
sudo ufw allow domain/tcp
sudo ufw allow ssh/tcp
sudo ufw enable
sudo ufw status


Once enabled, ufw should automatically apply these rules on each boot.

Should you go this route, I recommend doing apt-get purge apf-firewall to remove apf first to avoid having it compete with ufw. You may also have to apt-get install ufw.
Top
   
Reply with quote  
mayukmok00
 Post subject:
PostPosted: Sat Apr 09, 2011 2:37 am 
Offline
Newbie

Joined: Tue Oct 05, 2010 9:37 am
Posts: 4
Yahoo Messenger: mayukmok00@yahoo.com
Hi Vance,

Thank you for the reply. Issue is now solved.

Code:
root@mylinode:/etc# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@mylinode:/etc# ufw status
Status: active

To                         Action      From
--                         ------      ----
53/udp                     ALLOW       Anywhere
20000/tcp                  ALLOW       Anywhere
10000/tcp                  ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
143/tcp                    ALLOW       Anywhere
995/tcp                    ALLOW       Anywhere
110/tcp                    ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere


Also iptables can now display the rules.

Code:
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ufw-before-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
2    ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
3    ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0
4    ufw-after-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
5    ufw-reject-input  all  --  0.0.0.0/0            0.0.0.0/0
6    ufw-track-input  all  --  0.0.0.0/0            0.0.0.0/0



Appreciate your help.

Thanks,
mayukmok
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group