iptables not loading
We are using Ubuntu 10 Lucid. The last time I checked, the firewall was running. Currently, the command "iptables -nL" won't show the rules. I tried to install apf and do the configuration, but the issue persisted.
Appreciate your help.
Thank you
System info:
root@mylinode:~# uname -a
Linux mylinode 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root@mylinode:~# dpkg -l | grep iptables
ii apf-firewall 9.7+rev1-1 easy iptables based firewall system
ii iptables 1.4.4-2ubuntu2 administration tools for packet filtering an
ii libiptables-chainmgr-perl 0.9-1 Perl extension for manipulating iptables pol
ii libiptables-parse-perl 0.7-1 Perl extension for parsing iptables firewall
issue:
root@mylinode:~# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@mylinode:~# cat /etc/iptables.up.rules
*filter
-A INPUT -p udp -m udp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp -j ACCEPT
-A INPUT -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
COMMIT
root@mylinode:~# ps aux | grep iptables
root 508 0.0 0.0 1860 596 hvc0 S+ 02:32 0:00 grep --color=auto iptables
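As an added example (not part of the original post, and not a Linode or Ubuntu tool): a small shell check for a rules file in the iptables-save format shown above. If iptables-restore rejects the file, nothing is loaded and the chains stay at the default ACCEPT policy seen in the "iptables -nL" output, so it is worth linting the file before relying on it at boot. The function name and the specific checks are my own choices.

```shell
#!/bin/sh
# Added example: sanity-check an iptables-restore rules file.
# Assumes iptables-save format (*table ... COMMIT), as in /etc/iptables.up.rules.

lint_iptables_rules() {
    file="$1"
    rc=0

    # 1. Anything outside printable ASCII (a Unicode dash pasted in place
    #    of "--", for example) makes iptables-restore abort with a parse
    #    error. Tabs are flagged too, conservatively.
    if LC_ALL=C grep -n '[^ -~]' "$file"; then
        echo "error: non-ASCII bytes on the line(s) above (check '--' options)" >&2
        rc=1
    fi

    # 2. Every *table header must be closed by a COMMIT, or that table's
    #    rules are never committed to the kernel.
    tables=$(grep -c '^\*' "$file" || true)
    commits=$(grep -c '^COMMIT' "$file" || true)
    if [ "$tables" -ne "$commits" ]; then
        echo "error: $tables table header(s) but $commits COMMIT line(s)" >&2
        rc=1
    fi

    # 3. A single-dash long option such as "-dport" is parsed as "-d port",
    #    which is a different (and wrong) match.
    if grep -nE '(^|[[:space:]])-[a-z]{2,}' "$file"; then
        echo "error: single-dash long option(s) on the line(s) above" >&2
        rc=1
    fi

    return $rc
}

# Usage: lint_iptables_rules /etc/iptables.up.rules && iptables-restore < /etc/iptables.up.rules
```

Run it against the file before the iptables-restore that loads it at boot; a non-zero exit means the file would not have been applied.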
2 Replies
Given the simple set of rules you want to apply, I'd suggest using ufw:
sudo ufw default deny
sudo ufw allow domain/udp
sudo ufw allow 20000/tcp
sudo ufw allow 10000/tcp
sudo ufw allow https/tcp
sudo ufw allow http/tcp
sudo ufw allow imaps/tcp
sudo ufw allow imap/tcp
sudo ufw allow pop3s/tcp
sudo ufw allow pop3/tcp
sudo ufw allow ftp-data/tcp
sudo ufw allow ftp/tcp
sudo ufw allow domain/tcp
sudo ufw allow ssh/tcp
sudo ufw enable
sudo ufw status
Once enabled, ufw should automatically apply these rules on each boot.
Should you go this route, I recommend doing apt-get purge apf-firewall to remove apf first to avoid having it compete with ufw. You may also have to apt-get install ufw.
Thank you for the reply. The issue is now solved.
root@mylinode:/etc# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@mylinode:/etc# ufw status
Status: active
To Action From
-- ------ ----
53/udp ALLOW Anywhere
20000/tcp ALLOW Anywhere
10000/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
993/tcp ALLOW Anywhere
143/tcp ALLOW Anywhere
995/tcp ALLOW Anywhere
110/tcp ALLOW Anywhere
20/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
53/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
Also, iptables can now display the rules.
Chain INPUT (policy DROP)
num target prot opt source destination
1 ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0
2 ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
3 ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0
4 ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0
5 ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0
6 ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0
Appreciate your help.
Thanks,
mayukmok