
This is with CentOS 6. On one of my servers, periodically all IPTables rules are simply dropped and all connections start being blocked. It happens fairly randomly once every few days. I have a script with specific rules in it that I have to rerun to set them back to where I need them.

IPTables.sh looks something like this:

#!/bin/bash
# Start from an empty ruleset
iptables -F
# Drop malformed TCP segments (no flags, SYN-less NEW, all flags set)
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Allow loopback, web traffic, and SSH from one management address only
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -s xx.xx.xx.xxx -m tcp --dport 22 -j ACCEPT
# Insert at the top so replies to established connections are accepted first
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Default policies: anything not matched above is dropped on INPUT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
# Persist the ruleset so it survives a restart of the iptables service
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables save
service iptables restart

Everything works fine after I run the above script. Any idea what could cause the rules to be reset and iptables to start blocking all incoming connections, so that I have to log in directly to the hardware to reset them?

EDIT: Finally, after a year of not being able to figure out the problem, I received a cron notification. Now how do I stop this from resetting my rules?

Upgrading csf from v7.59 to 7.60...
Retrieving new csf package...
...5%
...10%
...65%
...70%
...75%
...100%


Unpacking new csf package...

Selecting installer...

Running csf generic installer

Installing generic csf and lfd

Check we're running as root

Checking Perl modules...mode of `os.pl' changed to 0700 (rwx------)
Using configuration defaults
ok
Archer S.
  • Google searches seem to suggest to me that CSF is an iptables front end. If you are not using it to manage your firewall, then you probably should uninstall the package. – Zoredache Jan 28 '15 at 23:58
  • This is because you need to open the csf config files and enter your rules there; it's that simple. Do not remove csf; this is by far the most user-friendly firewall application! – ADM Jan 29 '15 at 00:24
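The failure mode in the question is a ruleset that has been flushed while the INPUT policy stays at DROP, which is only noticed once the box is unreachable. The script below is an added example, not code from the original question or answers: it reads an iptables-save dump and reports whether the rules IPTables.sh installs are still present, so a cron job could alert on the lockout state instead of a person discovering it at the console. The two dumps are constructed to stand in for real `iptables-save` output; the expected rule strings are taken from the poster's script as iptables-save would print them.

```shell
#!/bin/sh
# Added example (not from the original post): check an iptables-save dump for
# the rules IPTables.sh is supposed to leave behind. On a real host you would
# pass "$(iptables-save)" instead of the constructed dumps at the bottom.

# Rules from the poster's script, written the way iptables-save prints them.
EXPECTED_RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# input_policy DUMP -> prints the INPUT chain policy (ACCEPT or DROP)
input_policy() {
    printf '%s\n' "$1" | sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p'
}

# missing_rules DUMP -> prints how many expected rules are absent from DUMP
missing_rules() {
    dump=$1
    count=0
    old_ifs=$IFS
    IFS='
'
    # Split EXPECTED_RULES on newlines only, so spaces inside a rule survive
    for rule in $EXPECTED_RULES; do
        IFS=$old_ifs
        if ! printf '%s\n' "$dump" | grep -qxF -- "$rule"; then
            count=$((count + 1))
        fi
    done
    IFS=$old_ifs
    printf '%s\n' "$count"
}

# ruleset_state DUMP -> ok | lockout | degraded
#   lockout: INPUT policy is DROP and none of the expected ACCEPT rules
#            survived, i.e. the state the poster has to fix from the console
ruleset_state() {
    dump=$1
    missing=$(missing_rules "$dump")
    total=$(printf '%s\n' "$EXPECTED_RULES" | wc -l | tr -d ' ')
    if [ "$missing" -eq 0 ]; then
        echo ok
    elif [ "$missing" -eq "$total" ] && [ "$(input_policy "$dump")" = DROP ]; then
        echo lockout
    else
        echo degraded
    fi
}

# Constructed dump: what iptables-save shows right after IPTables.sh ran
GOOD_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# Constructed dump: chains flushed but the DROP policy left in place
FLUSHED_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

main() {
    for d in "$GOOD_DUMP" "$FLUSHED_DUMP"; do
        printf 'state: %s\n' "$(ruleset_state "$d")"
    done
}

main
```

Run from cron with the live dump, and mail or log the output whenever ruleset_state prints anything other than `ok`; a `lockout` result is the one worth paging on, since with the DROP policy in place nothing short of a console login will get the ACCEPT rules back.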

1 Answer


All the configuration files for csf are in /etc/csf and include:

csf.conf - the main configuration file; it has helpful comments explaining what each option does
csf.allow - a list of IPs and CIDR addresses that should always be allowed through the firewall
csf.deny - a list of IPs and CIDR addresses that should never be allowed through the firewall
csf.ignore - a list of IPs and CIDR addresses that lfd should ignore and not block if detected
csf.*ignore - various ignore files that list files, users, and IPs that lfd should ignore. See each file for its specific purpose and tax

ADM
  • I see. Looks like I've been setting up my firewall wrong all along. I followed a DigitalOcean tutorial on setting up your firewall for CentOS ages ago. – Archer S. Jan 30 '15 at 16:38