Author Topic: Firewall settings don't stick  (Read 555 times)

slvadcjelli42

Firewall settings don't stick
« on: 22 August 2003, 05:19 »
I've noticed that when using Red Hat's "Security Level Configuration" tool to set firewall rules (redhat-config-securitylevel) in Red Hat 8 it won't allow me to change them (No, it doesn't matter if I'm root, I'm sure someone is going to wonder about that ;) ). It acts as though they have been changed but displays the same default settings the next time I use the program. There is a hardware firewall between this computer and the internet anyway, so it isn't even really necessary... anybody know of a way to forcefully change / disable this?

raptor

Firewall settings don't stick
« Reply #1 on: 22 August 2003, 05:51 »
Don't deal with 8, get 9!
"in a world without fences, who needs gates?"


Stryker

Firewall settings don't stick
« Reply #2 on: 22 August 2003, 05:59 »
What do you want it to be at?
What does the following command give you:

ls -l /etc/sysconfig

What are the contents of /etc/sysconfig/iptables
(or ipchains, not sure which it is...)

slvadcjelli42

Firewall settings don't stick
« Reply #3 on: 22 August 2003, 06:00 »
Haha yes, I've been trying to (I actually have the ISOs but am having trouble burning them right now). I figured I was just doing something stupid, but... you think I won't have this problem in 9?

Stryker

Firewall settings don't stick
« Reply #4 on: 22 August 2003, 06:05 »
xcdroast is great, you try it?

And you don't have to go to Red Hat 9 to have things working... you'll have to excuse raptor, he's been an avid Windows user for quite some time. You posted a minute after I did so I don't think you saw my previous post.

slvadcjelli42

Firewall settings don't stick
« Reply #5 on: 22 August 2003, 06:44 »
First of all, yes, that's exactly what I did (I was typing my post as you posted yours). Also, yeah, I've been using xcdroast for burning every ISO I download, only had trouble recently... I don't know, there might have been something wrong with the CDs... or maybe it was the settings... whatever.

I want it to be at... medium I guess is fine... specifically I want to have some ports (25, 22 and 110) open...

Anyway, here's that information.

 ls -l /etc/sysconfig
total 136
-rw-r--r--    1 root     root         4580 Jun 23  2002 apmd
drwxr-xr-x    2 root     root         4096 Aug 17 14:43 apm-scripts
-rw-r--r--    1 root     root          112 Aug 17 14:55 authconfig
-rw-r--r--    1 root     root           44 Aug 17 14:55 clock
drwxr-xr-x    2 root     root         4096 Sep  4  2002 console
-rw-r--r--    1 root     root           16 Aug 17 14:57 desktop
-rw-r--r--    1 root     root           17 Aug 17 14:04 firstboot
-rw-r--r--    1 root     root           88 Jun 23  2002 gpm
-rw-r--r--    1 root     root           25 Aug 17 14:55 grub
-rw-r--r--    1 root     root         1331 Jun 26  2002 harddisks
-rw-r--r--    1 root     root         4453 Aug 20 22:22 hwconf
-rw-r--r--    1 root     root           80 Aug 17 14:55 i18n
-rw-r--r--    1 root     root          952 Jun 18  2002 init
-rw-r--r--    1 root     root           74 Aug 17 14:55 installinfo
-rw-------    1 root     root          621 Aug 18 19:00 iptables
-rw-r--r--    1 root     root           58 Jul  9  2002 irda
-rw-r--r--    1 root     root           32 Aug 17 14:55 keyboard
-rw-r--r--    1 root     root          168 Sep  3  2002 kudzu
-rw-r--r--    1 root     root           90 Aug 17 14:55 mouse
-rw-r--r--    1 root     root           46 Aug 17 14:55 network
drwxr-xr-x    4 root     root         4096 Aug 17 14:42 networking
drwxr-xr-x    2 root     root         4096 Aug 17 14:55 network-scripts
-rw-r--r--    1 root     root           85 Aug 31  2002 ntpd
-rw-r--r--    1 root     root           38 Aug 17 14:55 pcmcia
-rw-r--r--    1 root     root          153 Jul 25  2000 rawdevices
-rw-r--r--    1 root     root          146 Sep  3  2002 redhat-config-users
-rw-r--r--    1 root     root          869 Sep  3  2002 redhat-logviewer
drwxr-xr-x    2 root     root         4096 Aug 17 19:50 rhn
-rw-r--r--    1 root     root          111 Apr  6 00:47 samba
-rw-r--r--    1 root     root           20 Mar 26 05:19 sendmail
-rw-r--r--    1 root     root          454 Jun 23  2002 syslog
-rw-r--r--    1 root     root           41 Apr 16 13:05 xinetd


cat /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.0.1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT


Umm... OK, I noticed what it said about "lokkit" in that second part, so I found lokkit, ran it, and changed some stuff... now this is what it says (although the actual settings don't seem any different)

cat /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

(Edit: first, I should have disabled smilies before... it garbled some of the info. It should be fixed now. Also, forgot to say, thanks for responding.)

[ August 21, 2003: Message edited by: Dirk Gently ]
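
Added example (not part of the original thread): a small first-match evaluator for the iptables-save format, run against an excerpt of the second /etc/sysconfig/iptables listing above, to check how new inbound TCP connections to the requested ports (22, 25, 110) would be handled. The interface name eth0 and the function names are assumptions; only the match options that appear in the listing are modelled.

```python
# Excerpt of the second listing in the post (INPUT path, TCP rules for ports < 1024).
RULES = """\
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
"""
FLAGS = {"-p": "proto", "-i": "iface", "--dport": "dport", "-j": "target"}

def parse(text):
    """Parse iptables-save text into (policies, chains of rule dicts)."""
    pol, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":"):            # chain declaration with its policy
            pol[tok[0][1:]] = tok[1]
            chains.setdefault(tok[0][1:], [])
        elif line.startswith("-A "):        # rule appended to chain tok[1]
            rule = {"syn": "--syn" in tok}
            for flag, key in FLAGS.items():
                if flag in tok:
                    rule[key] = tok[tok.index(flag) + 1]
            chains[tok[1]].append(rule)
    return pol, chains

def matches(r, proto, dport, iface, syn):
    """True if every condition on the rule holds for this packet."""
    lo, _, hi = r.get("dport", "0:65535").partition(":")
    return (r.get("proto", proto) == proto and r.get("iface", iface) == iface
            and (not r["syn"] or (proto == "tcp" and syn))
            and int(lo) <= dport <= int(hi or lo))

def verdict(pol, chains, chain, proto, dport, iface="eth0", syn=True):
    """First-match verdict; syn=True models a new inbound TCP connection."""
    for r in chains[chain]:
        if not matches(r, proto, dport, iface, syn):
            continue
        if r["target"] not in chains:
            return r["target"]              # terminating target (ACCEPT/REJECT)
        v = verdict(pol, chains, r["target"], proto, dport, iface, syn)
        if v:
            return v                        # user chain decided, else fall through
    return None if pol[chain] == "-" else pol[chain]

def check(port):
    return verdict(*parse(RULES), "INPUT", "tcp", port)
```

check(22) and check(25) return ACCEPT, while check(110) returns REJECT because no ACCEPT rule for port 110 precedes the 0:1023 REJECT rule in the listing.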


Master of Reality

Firewall settings don't stick
« Reply #6 on: 22 August 2003, 21:03 »
I just thought I'd let you know that that is a great nick. I just finished reading The Long Dark Tea-Time of the Soul and Dirk Gently's Holistic Detective Agency.

Now... I've just realized that it's been a long while since I've used Red Hat and can't help you... yet.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

slvadcjelli42

Firewall settings don't stick
« Reply #7 on: 22 August 2003, 17:49 »
quote:
Originally posted by The Master of Reality / Bob:
I just thought I'd let you know that that is a great nick. I just finished reading The Long Dark Tea-Time of the Soul and Dirk Gently's Holistic Detective Agency.


  :D  Thanks, I think so too. Not many people recognize it (except for here, for some reason) let alone the other one I use sometimes, Svlad Cjelli (although it's happened).

What do you use, out of curiosity?