firewall doesn't remember settings

[alphaace]

Every time I log into the control center and change my firewalls (to not allow ssh) for example, and go through the wizard the settings are not saved. The default ones are just restored.

Anyone have any suggestions?

Thanks!

[yodelu]

i suppose that wizard use iptables..
the firewall rules are only active if the iptables service is running
/sbin/service iptables restart
if you don see this
 Applying iptables firewall rules:
                                                                [  OK  ]
run this
touch /etc/sysconfig/iptables
chmod 600 /etc/sysconfig/iptables
service iptables start
then, make sure that iptables service is started at boot time - to ensure that it is started when the system is booted  :

/sbin/chkconfig --level 345 iptables on

after you have completed the wizard yo may want to see if  changes are applied

/etc/rc.d/init.d/iptables status

in your example you shoud see
....
DROP     tcp  --  anywhere             anywhere            tcp dpt:ssh
....

hope it helps..

[alphaace]

Hi,

I chmodded iptables to 600. Now when i hit iptables restart it says "Applying iptables firewall rules". I also checked that my running services has iptables (and it is on boot).

However, it still doesn't "save settings". Also, iptables status outputs nothing :-(.

[yodelu]

that's weird..
just to be sure - is there any other firewall (eg shorewall ) running on your system ?
if it isn't , pls check your mail 

[alphaace]

nope no firewalls...thinking of installing guarddog and seeing what happens...

I would think this is a fairly big bug to overlook..

[Bald Brick]

that's weird..
just to be sure - is there any other firewall (eg shorewall ) running on your system ?
if it isn't , pls check your mail  

Shorewall is the firewall that you set up in the PCLinuxOS Control Center. And it's just a front end to iptables. Not that this explains the problem....

[alphaace]

am i really the only one with this problem then??

I have a default install... So for everyone else, after you configure the check boxes, and go back to set up the firewall, only your custom checkboxes are still checked yes?

[Bald Brick]

am i really the only one with this problem then??

I have a default install... So for everyone else, after you configure the check boxes, and go back to set up the firewall, only your custom checkboxes are still checked yes?

Yes.

But ticking the check boxes is setting up the firewall, so I don't really understand the question. Do you "go back" to set up another firewall? Then, of course, the settings will change. Also note that when you tick a box you allow access to the port used by that service. (Please excuse me if I'm stating the obvious.)

[Texstar]

am i really the only one with this problem then??

I have a default install... So for everyone else, after you configure the check boxes, and go back to set up the firewall, only your custom checkboxes are still checked yes?

Yes. All of mine are checked as before. Also every time I make a change they are saved in the /etc/shorewall folder.

[alphaace]

:-(. I wonder why mine doesn't work.

Thanks for taking the time to answer Tex.

Yes, for example, I disable ssh since I don't login remotely (I uncheck). However, when I go back in, the box is still checked.

Anyone have any suggestions then how to start the debugging??

[muungwana]

maybe there is something wrong with the GUI but the options is set and is in use?

can you run these two commands from the terminal as root and report their output?

services iptables restart

services iptables status

[alphaace]

Hi,

I think you mean "service" instead of "services". Then you get the following (if you do mean services then it tells me the command is not found!):

[root@Aphrodite greg]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     

[muungwana]

yeah, "service", not "services" ..what about the first command? the first command will make sure iptables is running first before checking what rules it is using

[alphaace]

sorry forgot to paste. It says this:

[root@Aphrodite greg]# service iptables restart
Applying iptables firewall rules:
                                                                [  OK  ]

[yodelu]

if shorewall is the GUI in CC for firewall then it should be checked ..
/etc/rc.d/init.d/shorewall reload
if it is running fine then you should see something like
Compiling...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
ipset v2.2.9: Set already exists
ipset v2.2.9: Set already exists
done.
 
After that go to the  CC wizard and then look at  /etc/shorewall/rules.drakx file and see if the changes are applied

if in rules.drakx you'll see the  rules that you've created before then, when you run service iptables status, look at Chain net2fw - in this chain you must see your rules