alphaace
« on: August 07, 2010, 03:43:58 PM »
Every time I log into the control center and change my firewalls (to not allow ssh) for example, and go through the wizard the settings are not saved. The default ones are just restored.
Anyone have any suggestions?
Thanks!

yodelu
« Reply #1 on: August 09, 2010, 03:05:00 AM »
I suppose that wizard uses iptables.. the firewall rules are only active if the iptables service is running:
/sbin/service iptables restart
If you don't see this:
Applying iptables firewall rules: [ OK ]
run this:
touch /etc/sysconfig/iptables
chmod 600 /etc/sysconfig/iptables
service iptables start
Then make sure that the iptables service is started at boot time, to ensure that it is started when the system is booted:
/sbin/chkconfig --level 345 iptables on
After you have completed the wizard you may want to see if the changes are applied:
/etc/rc.d/init.d/iptables status
In your example you should see:
.... DROP tcp -- anywhere anywhere tcp dpt:ssh ....
Hope it helps..

alphaace
« Reply #2 on: August 09, 2010, 12:02:14 PM »
Hi,
I chmodded iptables to 600. Now when I hit iptables restart it says "Applying iptables firewall rules". I also checked that my running services has iptables (and it is on boot).
However, it still doesn't "save settings". Also, iptables status outputs nothing :-(.

yodelu
« Reply #3 on: August 10, 2010, 06:37:56 AM »
That's weird.. just to be sure - is there any other firewall (e.g. shorewall) running on your system? If it isn't, pls check your mail

alphaace
« Reply #4 on: August 10, 2010, 04:57:50 PM »
nope no firewalls...thinking of installing guarddog and seeing what happens...
I would think this is a fairly big bug to overlook..

Bald Brick
« Reply #5 on: August 10, 2010, 05:16:03 PM »
Quote from: yodelu
That's weird.. just to be sure - is there any other firewall (e.g. shorewall) running on your system? If it isn't, pls check your mail

Shorewall is the firewall that you set up in the PCLinuxOS Control Center. And it's just a front end to iptables. Not that this explains the problem....
If it ain't broke hit harder!
AMD Athlon 7450 Dual-Core Processor, 7.80 GiB RAM, Nvidia GeForce GT 120/PCIe/SSE2, OpenGL/ES-version: 3.3 0 NVIDIA 295.40, SBx00 Azalia (Intel HDA) soundcard, Logitech B500 webcam, SAA7146 DVB card, HDDs: Seagate 250824AS, Western Digital WD10EAVS-00D

alphaace
« Reply #6 on: August 10, 2010, 06:19:54 PM »
Am I really the only one with this problem then??
I have a default install... So for everyone else, after you configure the check boxes, and go back to set up the firewall, only your custom checkboxes are still checked yes?

Bald Brick
« Reply #7 on: August 10, 2010, 06:38:18 PM »
Quote from: alphaace
Am I really the only one with this problem then??
I have a default install... So for everyone else, after you configure the check boxes, and go back to set up the firewall, only your custom checkboxes are still checked yes?

Yes. But ticking the check boxes is setting up the firewall, so I don't really understand the question. Do you "go back" to set up another firewall? Then, of course, the settings will change. Also note that when you tick a box you allow access to the port used by that service. (Please excuse me if I'm stating the obvious.)

Texstar
« Reply #8 on: August 10, 2010, 07:17:02 PM »
Quote from: alphaace
Am I really the only one with this problem then??
I have a default install... So for everyone else, after you configure the check boxes, and go back to set up the firewall, only your custom checkboxes are still checked yes?

Yes. All of mine are checked as before. Also every time I make a change they are saved in the /etc/shorewall folder.
"I'm not so good on advice, can I interest you in a sarcastic reply?"

alphaace
« Reply #9 on: August 10, 2010, 09:33:30 PM »
:-(. I wonder why mine doesn't work.
Thanks for taking the time to answer Tex.
Yes, for example, I disable ssh since I don't login remotely (I uncheck). However, when I go back in, the box is still checked.
Anyone have any suggestions then how to start the debugging??

muungwana
« Reply #10 on: August 10, 2010, 09:45:19 PM »
Maybe there is something wrong with the GUI but the option is set and is in use?
Can you run these two commands from the terminal as root and report their output?
services iptables restart
services iptables status
.. 3 things are certain in life : death, taxes and software bloat .. .. tell me something i don't know, something i can use as i struggle to reason with the world around me ..

alphaace
« Reply #11 on: August 10, 2010, 10:52:24 PM »
Hi,
I think you mean "service" instead of "services". Then you get the following (if you do mean services then it tells me the command is not found!):
[root@Aphrodite greg]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

muungwana
« Reply #12 on: August 10, 2010, 11:16:24 PM »
yeah, "service", not "services" ..what about the first command? the first command will make sure iptables is running first before checking what rules it is using

alphaace
« Reply #13 on: August 10, 2010, 11:48:09 PM »
Sorry, forgot to paste. It says this:
[root@Aphrodite greg]# service iptables restart
Applying iptables firewall rules: [ OK ]

yodelu
« Reply #14 on: August 11, 2010, 03:25:13 AM »
If shorewall is the GUI in CC for the firewall then it should be checked:
/etc/rc.d/init.d/shorewall reload
If it is running fine then you should see something like:
Compiling...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
ipset v2.2.9: Set already exists
ipset v2.2.9: Set already exists
done.
After that go to the CC wizard and then look at the /etc/shorewall/rules.drakx file and see if the changes are applied.
If in rules.drakx you see the rules that you've created before, then when you run service iptables status, look at Chain net2fw - in this chain you must see your rules.
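
Added example, not part of any post in this thread: a shell function that reads the text printed by `service iptables status` and reports built-in chains that accept everything with no rules loaded (the Reply #11 output), plus whether a DROP or REJECT rule for a given `dpt:` label exists (what Reply #1 says to expect). The function name, the output keywords and the second sample listing are constructed for illustration.

```shell
# Added example: audit an iptables listing read from stdin. Prints "OPEN <chain>"
# for policy-ACCEPT chains with no rules, then BLOCKED/NOT-BLOCKED for dpt:<label>.
audit_listing() {   # usage: service iptables status | audit_listing ssh
    awk -v svc="$1" '
        function report_open() {
            if (chain != "" && policy == "ACCEPT" && rules == 0)
                print "OPEN", chain
        }
        /^Chain / {
            report_open()
            chain = $2; rules = 0; policy = ""
            # Built-in chains print "(policy X)"; user chains "(N references)".
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        /^Table:/ || /^target/ || /^[ \t]*$/ { next }
        chain != "" {
            rules++
            if ($1 == "DROP" || $1 == "REJECT")
                for (i = 1; i <= NF; i++)
                    if ($i == ("dpt:" svc)) blocked = 1
        }
        END {
            report_open()
            verdict = blocked ? "BLOCKED" : "NOT-BLOCKED"; print verdict, svc
        }'
}
# Listing posted in Reply #11 of this thread.
sample_empty() { cat <<'EOF'
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}
# Constructed listing: the kind of net2fw rule the thread says to look for.
sample_filtered() { cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
net2fw all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:ssh
EOF
}
sample_empty | audit_listing ssh
```

An `OPEN` line for INPUT means nothing is being filtered, whatever the wizard's checkboxes show.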