Iptables and Logins at boot-up

Janina Sajka janina at rednote.net
Sun Oct 10 13:44:04 UTC 2004

Andor Demarteau writes:
> On Sat, 9 Oct 2004, John J. Boyer wrote:
>  > Thanks to all who helped with the ssh problem. There were two gotchas.
>  > Iptables was blocking all connections, and password authentication was
>  > turned off. Now I want to use the target machine to receive mail and for
>  > backup. When I boot the target machine, iptables is on and I have to log
>  > in as root to turn it off. How can I set iptables to be off at boot time?
>  > Or, better, to accept ssh and scp only from the source machine?
> well if you can login already as root, you probably can login as any user.
> Find the line in your rule-set that allows ssh-access (port 22).
> add to this line the -s or --source flag with the ip-address of the
> souce-box.
> providing the output-chaing allows all outgping traffic, that's all.
> Disableing iptables may not be a good idea security-wise.
>  > Two user accounts receive mail continuously. I would like to have them

>  > automatically logged on at boot time. Is this possible? How?

John, you're reinventing the wheel here, and your coming up with a
square. That's not the proper means toward this end. You don't want
those users always logged on. You actually want them to receive their
mail without always entering a password.

Look at the ssh man page and put together an appropriate
.ssh/authorized_keys file. That will take care of that.

The more correct resolution is:

1.)	Upgrade as per my last message.

2.)	Configure your machine to receive mail (on port 25)

3.)	Configure TLS authentication

4.)	Have your users use TLS to get and send mail.

This way, they'll be able to access the mail server from anywhere--even
half way around the world in a hotel room.

What you're talking about is a quick work around that has implications
you just haven't considered sufficiently. Some of those are being
pointed out in other messages.

More information about the Blinux-list mailing list