Why Did My Firewall Start

Hi experts,

I have a CentOS instance that I recently rebooted. After the reboot I found that iptables is running. Previously I had turned it off, but for some reason it started again.

This is the runlevel configuration for iptables:
Code:
0:off 1:off 2:on 3:on 4:on 5:on 6:off

I am trying to figure out if, with this combination, iptables auto-starts. Runlevel 6 is for system reboot, and if it was off there, that means it shouldn't have started, right?

Thanks


Similar Content



Systemd And Loading Init File

I recently changed from Debian 7 to 8, which now uses systemd as the default init.
I had an init file that worked fine (see below), and it works fine when directly invoked:
Code:
$ sudo /etc/init.d/iptables start

However, it fails when indirectly invoked:
Code:
$ sudo service iptables start
Job for iptables.service failed. See 'systemctl status iptables.service' and 'journalctl -xn' for details.

Code:
$ systemctl status iptables.service
 iptables.service - LSB: Iptable setup
   Loaded: loaded (/etc/init.d/iptables)
   Active: failed (Result: exit-code) since Mon 2015-05-25 17:18:37 PDT; 5s ago
  Process: 4825 ExecStart=/etc/init.d/iptables start (code=exited, status=203/EXEC)

Code:
$ journalctl -xn
No journal files were found.

I don't understand the error, except that it "failed" and is loaded.
I have disabled and re-enabled the service with these commands:

Code:
sudo systemctl disable iptables
sudo systemctl enable iptables

which completed successfully but did not fix the problem.


INIT file
Code:
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Should-Start:      $portmap
# Should-Stop:       $portmap
# X-Start-Before:    nis
# X-Stop-After:      nis
# Default-Start:     2 
# Default-Stop:      1
# X-Interactive:     false
# Short-Description: Iptable setup
# Description:       Sets iptable rules
#                    
### END INIT INFO

ipt=/sbin/iptables

loadrules() {

if [ -e /etc/iptables_ruleset ]; then iptables-restore < /etc/iptables_ruleset && exit 0; fi

$ipt -F
$ipt -X

# Policies and Chains
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
$ipt -N SSH
$ipt -N WEBSERVER

$ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
$ipt -A INPUT -i lo -j ACCEPT # Allow loopback

# Services
$ipt -A INPUT -p tcp -m multiport --dport 443,80 -j WEBSERVER # WEBSERVER chain 
$ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH # Jump to SSH chain
$ipt -A INPUT -p tcp -s 192.168.1.1/24 --dport 445 -j ACCEPT # samba

# Reject message for LAN
$ipt -A INPUT -s 192.168.1.1/24 -j REJECT

# WEBSERVER chain
$ipt -A WEBSERVER -p tcp -m multiport --dport 443,80 -m conntrack --ctstate NEW -j LOG
$ipt -A WEBSERVER -p tcp -m multiport --dport 443,80 -j ACCEPT

# SSH chain
$ipt -A SSH -p tcp --dport 22 -m recent --set --name SSH # Set SSH recent
$ipt -A SSH -p tcp --dport 22 -m recent --name SSH --update --seconds 10 --hitcount 2 --rttl -j LOG # Log if over counter
$ipt -A SSH -p tcp --dport 22 -s 192.168.1.1/24 -m recent --name SSH --update --seconds 10 --hitcount 10 --rttl -j REJECT # Reject from lan if over counter
$ipt -A SSH -p tcp --dport 22 ! -s 192.168.1.1/24 -m recent --name SSH --update --seconds 10 --hitcount 2 --rttl -j DROP # Drop if over counter
$ipt -A SSH -p tcp --dport 22 -j ACCEPT

iptables-save > /etc/iptables_ruleset
}

removerules() {
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
}

restartrules() {
rm /etc/iptables_ruleset
loadrules
}

case "$1" in
    start)
        loadrules
        ;;
    stop)
        removerules
        ;;
    restart)
        restartrules
        ;;
    *)
        echo "Usage: $0 start|stop|restart" >&2
        exit 3
        ;;
esac

Edit:
Checking /var/log/daemon.log gives me this info:
Code:
May 25 19:13:29 hostname systemd[6004]: Failed at step EXEC spawning /etc/init.d/iptables: Exec format error
May 25 19:13:29 hostname systemd[1]: iptables.service: control process exited, code=exited status=203
May 25 19:13:29 hostname systemd[1]: Failed to start LSB: Iptable setup.
May 25 19:13:29 hostname systemd[1]: Unit iptables.service entered failed state.

Iptables Question

Hi,

So, I am learning meteor.js and signed up for a (cheap, i.e. no support) VPS to host my Meteor app. Everything is running fine, but I am trying to understand better how Linux works, so here is my question:

I am running CentOS 7 on the VPS but it still uses iptables for its firewall.

I had to enable port 80 to access the web server. However, if I reboot the server, it stops working until I do
Code:
iptables -F

Then everything works. But I am thinking that -F might not be the best thing. I have changed the default SSH port from 22 to something else and that also works, but I don't think I ever added it to the iptables rules.

If I do a port scan, the new SSH port is indicated as open as well as port 80 but others are closed as they are supposed to be.

Any idea what is going on behind the scenes that requires iptables -F for the web access to work properly, and if I shouldn't be doing iptables -F (I have it in the rc.local file), what is the right way of doing it?

(BTW, I am computer literate but not that familiar with Linux, which I am trying to learn now.)


Kamal

Automatically Starting A Python Script On Startup After Reboot...

I am running a headless Linux 17 media/NAS server. I have set up and tested the plexconnect script and it works. My only issue is that I can't figure out how to get the script to run automatically on startup. I tried using the GUI, but it doesn't seem to work.

To get it to work, I have to open a terminal and navigate to the directory:

/usr/local/lib/PlexConnect/

Then run: sudo ./PlexConnect.py

The window has to remain open in order to keep it running (which isn't an issue as it's headless). I'd just like to not have to log in and start it each time the power goes out or the machine is rebooted.

I tried editing the crontab file and adding the following variations with no luck:
Code:
@reboot python /usr/local/lib/PlexConnect/PlexConnect.py
@reboot /usr/local/lib/PlexConnect/PlexConnect.py

Neither has worked. Does anyone know what I'm doing wrong?

Thanks!

Crontab Random Delay Not Working

I am trying to delay the daily reboot of multiple Linux machines by a random time, within one hour.

This is to avoid a simultaneous reboot of all the Linux machines at the same time.

I also want to avoid specifying a time in cron. I want it to be completely random between 00:00 and 01:00.

So far I tried the commands below, but no luck. The machines still reboot at midnight.

Code:
@daily /bin/sleep $((RANDOM\%3600)) && /sbin/reboot
@daily /bin/sleep $(/usr/bin/expr $RANDOM \% 3600); /bin/reboot

Ftp Stops As Well As Firewall Stops

Hi,

I am running a CentOS 6 server with a public IP as a web server. Sometimes the ftp service and the firewall (system-config-firewall) die/crash.

I have to start the messagebus service in order to start the firewall.

What is the real cause of this issue? A DoS attack?

netstat doesn't show any unusual IP connections.

Issues With RAID- Creating As /dev/md127 Instead Of What's In The Config

Hi,
Recently, I decided to change my partition scheme for my home server. I had a RAID0 that previously spanned three disks, and now I only want it to span two. Getting rid of the old one was easy, but getting the new one to work has been a real pain.

It's running Debian Jessie.

For starters, here's my /etc/mdadm/mdadm.conf:
Code:
root@maples-server:~# cat /etc/mdadm/mdadm.conf 
# mdadm.conf
#
# Please refer to mdadm.conf(5) for information about this file.
#

# by default (built-in), scan all partitions (/proc/partitions) and all
# containers for MD superblocks. alternatively, specify devices to scan, using
# wildcards if desired.
#DEVICE partitions containers
DEVICE /dev/sdb1 /dev/sdc1

# auto-create devices with Debian standard permissions
CREATE owner=root group=disk mode=0660 auto=yes

# automatically tag new arrays as belonging to the local system
HOMEHOST <system>

# instruct the monitoring daemon where to send mail alerts
MAILADDR root

# definitions of existing MD arrays

ARRAY /dev/md0 metadata=1.2 UUID=032e4ab2:53ac5db8:98806abd:420716a5 devices=/dev/sdb1,/dev/sdc1

As you can see, I have it specified to set up the RAID as /dev/md0. But every time I reboot, my /proc/mdstat shows:
Code:
root@maples-server:~# cat /proc/mdstat 
Personalities : [raid0] 
md127 : active raid0 sdc1[1] sdb1[0]
      488016896 blocks super 1.2 512k chunks
      
unused devices: <none>

I can confirm that it's actually md127 by looking at /dev:
Code:
root@maples-server:~# ls -l /dev/md*
brw-rw---- 1 root disk 9, 127 May  2 20:17 /dev/md127

/dev/md:
total 0
lrwxrwxrwx 1 root root 8 May  2 20:17 maples-server:0 -> ../md127

And here's a bit more info:
Code:
root@maples-server:~# mdadm --detail --scan
ARRAY /dev/md/maples-server:0 metadata=1.2 name=maples-server:0 UUID=032e4ab2:53ac5db8:98806abd:420716a5

I've tried adding all sorts of options to /etc/mdadm/mdadm.conf, ranging from just the output of the above command (only changing "/dev/md/maples-server:0" to "/dev/md0") to what you see at the top. Nothing seems to make a difference.

Does anyone have any ideas?

Check If A Tunnel Is Up - If Not, Log It.

I am using the following command to establish a reverse SSH tunnel with an SSH server:

Code:
ssh root@my.hostname.here -R 5001:localhost:22

The server is rebooted every night and the tunnel is established automatically on reboot successfully every time.

What I need to do, is run a check, and if for some reason the tunnel is not established, I want to log it in a log file.

How can I reliably check whether the tunnel is up or not?
Keep in mind that other SSH sessions might be active at the time, so I don't want the checking method to pick up any of those successful sessions. It has to check only the tunnel.

Thanks
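One way to test for the tunnel specifically, as an added example that is not part of the original post: the script below treats the tunnel as up only if an ssh client process has the exact `-R 5001:localhost:22` specification and the host from the command above in its arguments, so interactive SSH sessions and sshd processes are ignored. The log file path and the `check` argument convention are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Checks whether the reverse
# tunnel "ssh root@my.hostname.here -R 5001:localhost:22" is running and
# appends a timestamped line to a log file when it is not.

TUNNEL_HOST='root@my.hostname.here'      # from the post
TUNNEL_SPEC='-R 5001:localhost:22'       # from the post
LOGFILE="${TUNNEL_LOG:-/var/log/tunnel-check.log}"   # assumed log path

# tunnel_in_listing: read a process listing (one command line per line, as
# printed by "ps -eo args=") on stdin; return 0 if some line is an ssh
# client invocation naming both the tunnel host and the exact -R spec.
# Requiring the -R spec is what keeps ordinary ssh sessions, and the
# "sshd:" server processes, from producing a false "up".
tunnel_in_listing() {
    grep -E '(^|[[:space:]/])ssh[[:space:]]' \
        | grep -F -- "$TUNNEL_HOST" \
        | grep -F -q -- "$TUNNEL_SPEC"
}

# tunnel_up: the same test against the live process table.
tunnel_up() {
    ps -eo args= | tunnel_in_listing
}

# check_and_log: silent when the tunnel is up; otherwise append a log line
# and return 1, so the exit status can also drive cron mail or a monitor.
check_and_log() {
    if tunnel_up; then
        return 0
    fi
    printf '%s tunnel to %s (%s) is DOWN\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" "$TUNNEL_HOST" "$TUNNEL_SPEC" >> "$LOGFILE"
    return 1
}

# Run the check only when invoked with "check", e.g. from cron:
#   */5 * * * * /usr/local/bin/tunnel-check.sh check   (assumed path)
if [ "${1:-}" = "check" ]; then
    check_and_log
fi
```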

Systemd Starting Services

Hi all,

I am learning systemd and how to add new services as part of the LFS201 course, and I have a question about the services:
Code:
Lab 4.2: Adding a New Startup Service with systemd
For example a very minimal file named
/etc/systemd/system/fake2.service:
[Unit]
Description=fake2
After=network.target
[Service]
ExecStart=/bin/echo I am starting the fake2 service
ExecStop=/bin/echo I am stopping the fake2 service
[Install]
WantedBy=multi-user.target

Code:
root@ubuntu:/etc/systemd/system# systemctl start fake.service
root@ubuntu:/etc/systemd/system# systemctl status fake.service
 fake.service - fake
   Loaded: loaded (/etc/systemd/system/fake.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

May 16 11:41:05 ubuntu systemd[1]: Started fake.
May 16 11:41:05 ubuntu systemd[1]: Starting fake...
May 16 11:41:05 ubuntu echo[1798]: I am starting the fake2 service
May 16 11:41:05 ubuntu echo[1800]: I am stopping the fake2 service
root@ubuntu:/etc/systemd/system# ps aux | grep fake*
root      1809  0.0  0.0  13688  2272 pts/8    S+   11:41   0:00 grep --color=auto fake.service
root@ubuntu:/etc/systemd/system#

As you can see, the fake2 service is really only two lines. And when I grep for the service via ps, I can't find it. I guess it is because it has finished running. I am wondering how I can change it so that I can keep it running?

thanks

Mint 17 Cinnamon Failed, Stuck In Fallback (likely Caused By Graphics Driver Install)

Hi LQ,
I am currently experiencing an issue on a fresh install of Mint 17.1 Cinnamon in which I am permanently stuck in fallback mode (that is, unless I hard shut down or reboot) on an aging laptop with AMD Radeon HD 4200 graphics (considered legacy). I believe this issue was caused by a failed install of AMD's latest Linux graphics drivers, in which I literally opened the .run file and attempted to install. The install failed (some error), of course, but when I rebooted, I was kicked into fallback. After some googling, I autoremoved fglrx then installed fglrx, as I read this would reinstall fglrx, the proprietary drivers for AMD cards, and rebooted. Still stuck in fallback. I removed and installed Xorg and rebooted. Still stuck in fallback. I downloaded the AMD legacy drivers from AMD's site (my card's series is included with this set). I had to change the permissions to run this .run file but eventually ran it from the terminal; this install also failed (it claimed I was missing tool(s), despite not indicating precisely what I was missing). I'm still rummaging around for fixes, but maybe asking can help. I can provide some more info below, but let me know what else you need (and how to get it) if you wish to help. I really want Linux to work out for me instead of shelling out $$ for Windows, but so far this has been a rocky start. Thanks


Code:
inxi -G

yields
Code:
Graphics:   Card: AMD RS880M [Mobility Radeon HD 4225/4250]
X.Org: 1.15.1
drivers: fbdev,ati,radeon (unloaded: fglrx,vesa)
Resolution: 1024x768@76hz
GLX Renderer: N/A
GLX Version: N/A


Code:
lshw -C video

yields
Code:
*-display UNCLAIMED
description: VGA compatible controller
product: RS880M [Mobility Radeon HD 4225/4250]
vendor: AMD
physical id: 5
...(bunch of stuff on specs)

I have also done apt-get update and apt-get dist-upgrade.
Still no luck, let me know what you think.

I Tried To Full Install Puppy Linux 4.3.1 From Cd But Will Not Reboot Without Cd

I'm trying to break free from Windows. I just got Puppy 4.3.1 and know nothing about Linux. After trying a full install, it will not reboot without the CD in the drive; it just says "error loading operating system". My system has more than the required amount of RAM and an almost 40 GB HD. I have only one partition, formatted to ext2. I could not figure out how to use GRUB.

PS: I also cannot connect to the wireless router.