On Wed, 2008-06-04 at 14:00 +0100, Barry Samuels wrote:
> If I then restart the firewall all those old rules re-appear even though there is nothing in the Firestarter configuration to generate them.
I am thinking that something somewhere has run iptables-save on your box and stashed a ruleset somewhere (one would like to hope in /etc) and then whatever method you use to start the firewall calls iptables-restore. How are you starting and stopping the firewall? iptables as such doesn't start and stop; you just flush rules or load them... there is probably an init script somewhere that does this.
Rightly or otherwise I tend to stick a pre-up and post-down line in /etc/network/interfaces under the relevant interface so that as the interface is started the rules load. So it might be worth looking in there for something like:

    pre-up iptables-restore < /etc/iptables.rules
    post-down iptables-save > /etc/iptables.rules
In your case the iptables.rules file would contain the rules you want rid of.
That saves the current ruleset when the interface goes down and applies it next time the interface is started, thus making my rules persistent across (clean) reboots.
It wouldn't shock me to hear that upon removal guarddog leaves its rules behind in a mechanism similar to this; annoying as it would be, it would be the "safe" option where removal of a package doesn't open the interfaces up.
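To make the "look in there" step concrete, here is an added example (my own script, not code from the thread or from Firestarter/guarddog) that scans an /etc/network/interfaces-style file for pre-up/post-down hooks calling iptables-restore or iptables-save and reports which interface loads or saves which rules file. It assumes the stanza layout shown above (an `iface` line followed by indented hook lines); the sample interfaces file is constructed inline so the script runs stand-alone, and you would point it at the real file instead.

```sh
#!/bin/sh
# Added example: find where a persisted iptables ruleset is loaded from or
# saved to via ifupdown hooks. Not from the mailing-list thread.

# Print one line per hook that touches iptables-save/iptables-restore:
#   <interface> <hook> <command> <rules-file>
find_iptables_hooks() {
    awk '
        # remember which stanza we are in
        /^[[:space:]]*iface[[:space:]]/ { iface = $2 }
        # hook lines that load or save a ruleset
        /^[[:space:]]*(pre-up|up|post-up|pre-down|down|post-down)[[:space:]]/ && /iptables-(save|restore)/ {
            hook = $1; cmd = ""; file = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /iptables-(save|restore)/) cmd = $i
                # redirection target, either "< file" or "<file"
                if ($i ~ /^[<>]$/ && i < NF) file = $(i + 1)
                else if ($i ~ /^[<>]./) file = substr($i, 2)
            }
            print iface, hook, cmd, file
        }
    ' "$1"
}

# Unique rules files referenced by any hook: these are the places a stale
# ruleset would keep reappearing from after a restart.
persisted_rules_files() {
    find_iptables_hooks "$1" | awk '{ print $4 }' | sort -u
}

# Constructed sample interfaces file (placeholder content, not a real host's).
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
cat > "$SAMPLE_FILE" <<'EOF'
# constructed sample
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < /etc/iptables.rules
    post-down iptables-save > /etc/iptables.rules

auto wlan0
iface wlan0 inet dhcp
    post-up echo "no firewall hook here"
EOF

# Stand-alone run against the sample; replace with /etc/network/interfaces
# on a real machine.
echo "hooks:"
find_iptables_hooks "$SAMPLE_FILE"
echo "rules files to inspect:"
persisted_rules_files "$SAMPLE_FILE"
```

If the rules file it reports is the one holding the unwanted ruleset, editing or removing that file (and the hook that restores it) is what stops the old rules coming back on the next interface start; init scripts under /etc/init.d that call iptables-restore are the other place to check by the same pattern.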