IPTables doesn't restart

Ed Greshko Ed.Greshko at greshko.com
Wed Dec 8 00:46:31 UTC 2004

Nathaniel Hall wrote:
> I am running an RHAS3 firewall with IPTables.  When I restart IPTables, 
> I get kicked out of my SSH session and everybody around campus gets 
> kicked out of telnet.  Once I have been kicked out, I cannot re-login 
> via SSH.

FWIW, I believe that is the "expected" behavior.  That is, shutting down 
iptables on a firewall closes the drawbridge tight.

I prefer to use shorewall for management of my firewall.  It has a 
feature called "routestopped" that keeps a route open to specific IPs 
when the firewall is shut down.  This allows you to maintain access from 
a remote location to do maintenance.

Regards,
Ed

Oh, just in case you are interested...  http://www.shorewall.net

> 
> When I get to the local console of the firewall, I am able to login with 
> no prob and restart IPTables with all succeeds and everything goes back 
> to normal.  I took a look at /var/log/messages and here is what I get:
> 
>    /Start of IPTables restart/
>    Dec  7 14:58:44 cs-fw iptables:  succeeded
>    Dec  7 14:58:44 cs-fw last message repeated 2 times
>    Dec  7 14:58:44 cs-fw sshd(pam_unix)[21325]: session closed for user root
>    Dec  7 15:03:29 cs-fw login(pam_unix)[16534]: session opened for user root by LOGIN(uid=0)
>    Dec  7 15:03:29 cs-fw  -- root[16534]: ROOT LOGIN ON tty1
>    Dec  7 15:03:32 cs-fw kernel: ip_tables: (C) 2000-2002 Netfilter core team
>    Dec  7 15:03:32 cs-fw kernel: ip_conntrack version 2.1 (8191 buckets, 65528 max) - 304 bytes per conntrack
>    Dec  7 15:03:32 cs-fw iptables:  succeeded
>    Dec  7 15:03:32 cs-fw iptables:  succeeded
>    /End of second IPTables restart/
> 
> Any ideas?
> 

-- 
"A common mistake that people make when trying to design something
completely foolproof was to underestimate the ingenuity of complete
fools."

--Ford Prefect in "Mostly Harmless".
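A "routestopped"-style fallback, as an added example that is not code from this thread or from shorewall: it generates a minimal ruleset that keeps existing sessions and management SSH access alive while the main policy is down, and loads it atomically with iptables-restore. MGMT_NET is a placeholder CIDR and SSH on TCP 22 is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread or from shorewall: a small
# "routestopped"-style fallback so that stopping the main firewall policy
# does not cut off remote maintenance.  Assumptions (not from the post):
# management comes from MGMT_NET (placeholder CIDR) over SSH on TCP 22.

MGMT_NET="${MGMT_NET:-192.0.2.0/24}"

# Reject anything that is not a dotted-quad IPv4 address or CIDR so a bad
# value cannot be spliced into the ruleset.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print an iptables-restore ruleset to stdout.  Existing sessions survive
# because ESTABLISHED,RELATED is accepted before the default DROP, and new
# SSH connections are accepted only from the management network.
stopped_ruleset() {
    net="$1"
    valid_cidr "$net" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $net -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Apply atomically: iptables-restore replaces the whole table in one
# step, so there is no window with an empty or half-loaded policy.
apply_stopped() {
    stopped_ruleset "$1" | iptables-restore
}

case "${1:-}" in
    apply) apply_stopped "$MGMT_NET" ;;
    show)  stopped_ruleset "$MGMT_NET" ;;
esac
```

Run with `show` to inspect the generated ruleset before ever running `apply` as root on the firewall.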
