Linode Forum :: iptables not loading

Linode Forum https://forum.linode.com/

iptables not loading https://forum.linode.com/viewtopic.php?f=19&t=6937	Page 1 of 1

Author:	mayukmok00 [ Fri Apr 08, 2011 10:34 pm ]
Post subject:	iptables not loading
Hi, We are using ubuntu 10 Lucid. The last time I checked the firewall was running. Currently using command "iptables -nL" won't show the rules. I tried to install apf and do the configuration but the issue persisted. Appreciate your help. Thank you System info: root@mylinode:~# uname -a Linux mylinode 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux root@mylinode:~# dpkg -l \| grep iptables ii apf-firewall 9.7+rev1-1 easy iptables based firewall syste m ii iptables 1.4.4-2ubuntu2 administration tools for packet fi ltering an ii libiptables-chainmgr-perl 0.9-1 Perl extension for manipulating ip tables pol ii libiptables-parse-perl 0.7-1 Perl extension for parsing iptable s firewall issue: root@mylinode:~# iptables -nL Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@mylinode:~# cat /etc/iptables.up.rules *filter -A INPUT -p udp -m udp --dport domain -j ACCEPT -A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT -A INPUT -p tcp -m tcp --dport https -j ACCEPT -A INPUT -p tcp -m tcp --dport http -j ACCEPT -A INPUT -p tcp -m tcp --dport imaps -j ACCEPT -A INPUT -p tcp -m tcp --dport imap -j ACCEPT -A INPUT -p tcp -m tcp --dport pop3s -j ACCEPT -A INPUT -p tcp -m tcp --dport pop3 -j ACCEPT -A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT -A INPUT -p tcp -m tcp --dport ftp -j ACCEPT -A INPUT -p tcp -m tcp --dport domain -j ACCEPT -A INPUT -p tcp -m tcp --dport smtp -j ACCEPT -A INPUT -p tcp -m tcp --dport ssh -j ACCEPT COMMIT root@mylinode:~# ps aux \| grep iptables root 508 0.0 0.0 1860 596 hvc0 S+ 02:32 0:00 grep --color=auto iptables

Author:	Vance [ Sat Apr 09, 2011 1:56 am ]
Post subject:
Looks like /etc/iptables.up.rules is not being read and applied on boot. Given the simple set of rules you want to apply, I'd suggest using ufw. You could implement your rules with the following commands: Code: sudo ufw default deny sudo ufw allow domain/udp sudo ufw allow 20000/tcp sudo ufw allow 10000/tcp sudo ufw allow https/tcp sudo ufw allow http/tcp sudo ufw allow imaps/tcp sudo ufw allow imap/tcp sudo ufw allow pop3s/tcp sudo ufw allow pop3/tcp sudo ufw allow ftp-data/tcp sudo ufw allow ftp/tcp sudo ufw allow domain/tcp sudo ufw allow ssh/tcp sudo ufw enable sudo ufw status Once enabled, ufw should automatically apply these rules on each boot. Should you go this route, I recommend doing apt-get purge apf-firewall to remove apf first to avoid having it compete with ufw. You may also have to apt-get install ufw.

Author:

mayukmok00 [ Sat Apr 09, 2011 2:37 am ]

Post subject:

Hi Vance,

Thank you for the reply. Issue is now solved.

Code:

root@mylinode:/etc# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@mylinode:/etc# ufw status
Status: active

To                         Action      From
--                         ------      ----
53/udp                     ALLOW       Anywhere
20000/tcp                  ALLOW       Anywhere
10000/tcp                  ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
143/tcp                    ALLOW       Anywhere
995/tcp                    ALLOW       Anywhere
110/tcp                    ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere

Also iptables can now display the rules.

Code:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ufw-before-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
2    ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
3    ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0
4    ufw-after-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
5    ufw-reject-input  all  --  0.0.0.0/0            0.0.0.0/0
6    ufw-track-input  all  --  0.0.0.0/0            0.0.0.0/0

Appreciate your help.

Thanks,
mayukmok

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/