- 10-14-2010 #1 Just Joined!
- Join Date
- Nov 2009
- Posts
- 13
Firewall issues
I have a slight issue with Iptables. After a Red Hat upgrade if you start the server up in run level 5 it hangs when it gets to starting firewall. If you switch to run level 3 and boot up the firewall starts with no issues.
Is there any logical explanation for this? It seems a bit odd to me. If Iptables is broken after an upgrade then it should be having problems in both run levels.
- 10-14-2010 #2
What gets blocked by the fw?
You must always face the curtain with a bow.
- 10-14-2010 #3 Just Joined!
I've edited this a bit, but what exactly is it doing, and could this cause it to hang when it's in init level 5?
IPTABLES -A tcp_packets -p TCP -s 0/0 --dport xxxx
xxx -j allowed
It's related to X sessions...
I keep looking at the configuration and it seems to list a lot of applications that are allowed, and it goes on about bad tcp packets that are to be rejected.
- 10-14-2010 #4
ok, so you defined your own tables.
Generally I would say 0/0 does nothing and also that the table "allowed" is more or less an ACCEPT?
But the latter only you can tell.
If it is indeed an ACCEPT, then it shouldn't be responsible for your problems.
Can you tell, what actually is blocked?
Also, is it a possibility to boot to runlevel 3, disable the fw and issue a startx?
(requires the machine being fairly secure without fw at least for a short time of course)
You must always face the curtain with a bow.
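Added example, not part of the original thread: a small offline audit of a rules script that answers the two questions raised above, namely whether a source match such as -s 0/0 adds anything, and whether a -j target like "allowed" is a chain the script itself defines. The sample rules, the ports 9998/9999 and the misspelled chain "alowed" are constructed for illustration; the thread never shows how "allowed" is defined.

```shell
#!/bin/sh
# Added example: audit an iptables rules script without loading it.
# audit_rules FILE prints one finding per line:
#   noop-source N              rule on line N matches -s 0/0 (any source)
#   user-chain N CHAIN         rule jumps to a chain created with -N;
#                              the verdict depends on that chain's rules
#   undefined-target N CHAIN   rule jumps to a chain never created
audit_rules() {
    awk '
    BEGIN {
        # Common built-in targets (not an exhaustive list).
        n = split("ACCEPT DROP REJECT LOG RETURN QUEUE MASQUERADE SNAT DNAT REDIRECT", k, " ")
        for (i = 1; i <= n; i++) known[k[i]] = 1
    }
    /^[ \t]*#/ { next }                      # ignore comment lines
    NR == FNR {                              # pass 1: collect -N chains
        for (i = 1; i < NF; i++)
            if ($i == "-N" || $i == "--new-chain") userchain[$(i + 1)] = 1
        next
    }
    {                                        # pass 2: inspect each rule
        for (i = 1; i < NF; i++) {
            if (($i == "-s" || $i == "--source") &&
                ($(i + 1) == "0/0" || $(i + 1) == "0.0.0.0/0"))
                print "noop-source", FNR
            if ($i == "-j" || $i == "--jump") {
                t = $(i + 1)
                if (t in known) continue
                kind = (t in userchain) ? "user-chain" : "undefined-target"
                print kind, FNR, t
            }
        }
    }' "$1" "$1"
}

# Constructed sample rules (ports and the "allowed" definition are assumptions).
sample_rules() {
    cat <<'EOF'
iptables -N allowed
iptables -A allowed -p TCP --syn -j ACCEPT
iptables -N tcp_packets
iptables -A INPUT -p TCP -j tcp_packets
iptables -A tcp_packets -p TCP -s 0/0 --dport 9999 -j allowed
iptables -A tcp_packets -p TCP --dport 9998 -j alowed
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp" && audit_rules "$tmp"
rm -f "$tmp"
```

A "user-chain" finding means the rules inside that chain have to be read before saying the rule accepts anything.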
- 10-19-2010 #5
- 10-19-2010 #6 Just Joined!
It's that line. When removed everything works fine. I've just removed it for now. It looks like it was an old rule put in some time ago that isn't very relevant anymore.
Thanks for your help.
- 10-19-2010 #7 Just Joined!
Correction: I thought it was that line. When I removed it and started up it didn't hang. I put the rule back in... it hung again. I removed the rule and it hung! So I don't know why it seemed to work to begin with.
What I'm having trouble with grasping is why iptables should break after an upgrade. It's not like the network settings have changed or anything. Rules don't suddenly change from one version of iptables to the next.
- 10-22-2010 #8 Just Joined!
- Join Date
- Oct 2010
- Location
- Reston, VA
- Posts
- 26
Silverflames,
My guess is that it's a bug in the way RH is implementing your rules. Perhaps you could rewrite the rule omitting the -s 0/0.
Do you get the same results if you enter that line manually?
-Gooney0
- 10-22-2010 #9 Just Joined!
I think the best thing to do is to set iptables up again. I tried updating a very similar server, and I've had no issues with the iptables configuration. The only thing I did differently was to reboot after I had installed the kernel. Before I just installed it then went on to install the other updates. Perhaps that could have had an effect? Probably not the wisest of moves.


