Debian Testing (up to date) - kernel 2.6.24
If I list my Iptables rules they include rules which contain the domain names of two of my previous ISPs but I can't find what is generating these rules.
I use Firestarter at present and previously used Guarddog. I think that it was Guarddog which generated these rules but I have long ago uninstalled (purged) that package and nothing of it remains.
If I use Firestarter to stop the firewall all I'm left with is:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
If I then restart the firewall all those old rules re-appear even though there is nothing in the Firestarter configuration to generate them.
I find the iptables syntax a complete mystery which is why I use packages like Guarddog and Firestarter.
Where can I look to try and find where these rules are coming from?
On Wed, 2008-06-04 at 14:00 +0100, Barry Samuels wrote:
> If I then restart the firewall all those old rules re-appear even though there is nothing in the Firestarter configuration to generate them.
I am thinking that something somewhere has run iptables-save on your box and stashed a ruleset somewhere (one would like to hope in /etc) and then whatever method you use to start the firewall calls iptables-restore. How are you starting and stopping the firewall? iptables as such doesn't start and stop, you just flush rules or load them... there is probably an init script somewhere that does this.
Rightly or otherwise I tend to stick a pre-up and post-down line in /etc/network/interfaces under the relevant interface so that as the interface is started the rules load. So it might be worth looking in there for something like
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules

In your case the iptables.rules file would contain the rules you want rid of.
That saves the current ruleset when the interface goes down and applies it next time the interface is started, thus making my rules persistent across (clean) reboots.
It wouldn't shock me to hear that upon removal guarddog leaves its rules behind in a mechanism similar to this. Annoying as it would be, it would be the "safe" option where removal of a package doesn't open the interfaces up.
On 04/06/08 15:37:27, Wayne Stallwood wrote:
> On Wed, 2008-06-04 at 14:00 +0100, Barry Samuels wrote:
>> If I then restart the firewall all those old rules re-appear even though there is nothing in the Firestarter configuration to generate them.
> I am thinking that something somewhere has run iptables-save on your box and stashed a ruleset somewhere (one would like to hope in /etc) and then whatever method you use to start the firewall calls iptables-restore.
It turned out to be old nameserver entries in /etc/resolv.conf. Firestarter must automatically add rules for those entries and now that I've removed the old nameserver entries the old iptables rules have gone.
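The two checks the thread ends up doing by hand (is some file re-applying a saved ruleset via iptables-restore, and do the mystery rules line up with the nameservers in /etc/resolv.conf) can be scripted. The script below is an added example written for this page, not code posted by anyone in the thread and not part of Firestarter or Guarddog. It works on constructed sample files written to a temporary directory (an iptables-save dump, a resolv.conf and an interfaces file using the pre-up/post-down lines from Wayne's reply), so it runs offline; to use it on a real box you would point the functions at /etc/iptables.rules, /etc/resolv.conf and /etc instead.

```shell
#!/bin/sh
# Added example: correlate iptables rules with resolv.conf nameservers and
# find files that re-load a saved ruleset. All sample data is constructed.

# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print every line of an iptables-save dump whose -s or -d address is one
# of the nameservers in the given resolv.conf (with or without a /32 mask).
# Arguments: <iptables-save dump> <resolv.conf>
rules_matching_nameservers() {
    dump=$1
    resolv=$2
    for ns in $(nameservers "$resolv"); do
        # escape the dots so the address is matched literally
        esc=$(printf '%s' "$ns" | sed 's/\./\\./g')
        grep -E -- "-(s|d) ${esc}(/32)?( |\$)" "$dump" || true
    done
}

# List files under a directory that mention iptables-restore, i.e. the
# places (init scripts, /etc/network/interfaces, ...) that could be
# re-applying a stashed ruleset when the firewall or interface comes up.
find_restore_hooks() {
    grep -rl -- 'iptables-restore' "$1" || true
}

# Write constructed sample files into a fresh temporary directory and
# print its path. Addresses are from the RFC 5737 documentation ranges.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/resolv.conf" <<'EOF'
# constructed sample resolv.conf: one current and one stale nameserver
nameserver 192.0.2.53
nameserver 198.51.100.53
EOF
    cat > "$dir/iptables.rules" <<'EOF'
# constructed sample iptables-save dump
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.53/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 198.51.100.53/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d 192.0.2.53/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 203.0.113.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$dir/interfaces" <<'EOF'
# constructed sample /etc/network/interfaces using the thread's hooks
auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < /etc/iptables.rules
    post-down iptables-save > /etc/iptables.rules
EOF
    printf '%s\n' "$dir"
}

# Stand-alone demo: run both checks over the sample directory.
sample_dir=$(make_samples)
echo "Rules that reference a nameserver from resolv.conf:"
rules_matching_nameservers "$sample_dir/iptables.rules" "$sample_dir/resolv.conf"
echo "Files that call iptables-restore:"
find_restore_hooks "$sample_dir"
rm -rf "$sample_dir"
```

On the sample data three rules reference a nameserver (two for 192.0.2.53, one for the stale 198.51.100.53) and the only restore hook is the interfaces file. Any rule that matches an address you no longer use is a candidate for the "stale resolv.conf entry" explanation Barry found; any file the second check turns up is where a saved ruleset could be coming back from.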