  1. #1
    Join Date
    May 2006
    Posts
    249

    APF & iptables... hm.. iptables is not starting..

    Hello,

    I have installed APF on the box, set ports for in and out, and enabled it. Of course, iptables is running from boot.



    Code:
    [[email protected] /]# runlevel
    N 3
    [[email protected] /]# chkconfig --list | grep iptables
    iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    [[email protected] /]# chkconfig --list | grep apf
    apf             0:off   1:off   2:off   3:on    4:on    5:on    6:off
    but when I check it like this

    Code:
    [[email protected] ~]# service iptables status
    Firewall is stopped.
    [[email protected] ~]# service iptables start
    Flushing firewall rules:                                   [  OK  ]
    Setting chains to policy ACCEPT: mangle filter             [  OK  ]
    Unloading iptables modules: ^[[A                           [  OK  ]
    [[email protected] ~]# service iptables status
    Firewall is stopped.

    it says iptables is stopped, even when I start it manually.

    I am not sure APF is running correctly because of iptables.

    Can anyone tell me, and give advice?

    Thanks

  2. #2
    Join Date
    Oct 2006
    Location
    arizona/romania
    Posts
    169

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Apf does not start iptables.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Join Date
    May 2006
    Posts
    249
    Here is the output

    Code:
    [[email protected] /]# lsmod
    Module                  Size  Used by
    md5                     4352  1
    ipv6                  244224  10
    parport_pc             27716  1
    lp                     12204  0
    parport                35144  2 parport_pc,lp
    ipt_TOS                 2560  0
    iptable_mangle          2944  0
    ip_conntrack_ftp       72752  0
    ip_conntrack_irc       71600  0
    ipt_REJECT              7296  0
    ipt_limit               2432  0
    ipt_multiport           2176  0
    ipt_state               2048  0
    ip_conntrack           44820  3 ip_conntrack_ftp,ip_conntrack_irc,ipt_state
    autofs4                18564  0
    sunrpc                142180  1
    ipt_LOG                 6912  0
    iptable_filter          3712  0
    ip_tables              17792  8 ipt_TOS,iptable_mangle,ipt_REJECT,ipt_limit,ipt_multiport,ipt_state,ipt_LOG,iptable_filter
    dm_mirror              21716  2
    dm_mod                 59132  1 dm_mirror
    video                  15620  0
    button                  6672  0
    battery                 9348  0
    ac                      4868  0
    uhci_hcd               32016  0
    i2c_piix4               8592  0
    i2c_core               21904  1 i2c_piix4
    snd_ens1371            21284  0
    snd_rawmidi            23712  1 snd_ens1371
    snd_seq_device          8716  1 snd_rawmidi
    snd_ac97_codec         70752  1 snd_ens1371
    snd_pcm_oss            53284  0
    snd_mixer_oss          19072  1 snd_pcm_oss
    snd_pcm                93064  3 snd_ens1371,snd_ac97_codec,snd_pcm_oss
    snd_timer              24196  1 snd_pcm
    snd                    53348  8 snd_ens1371,snd_rawmidi,snd_seq_device,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
    soundcore               9440  1 snd
    snd_page_alloc          9860  1 snd_pcm
    pcnet32                27012  0
    mii                     5248  1 pcnet32
    floppy                 58064  0
    and

    Code:
    [[email protected] /]# iptables -nL
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

  5. #5
    Iptables looks to be running then; only with no rules. Run apf -r to reload your Iptables rules then run iptables -n -L
    Last edited by FirmbIT; 11-08-2006 at 01:19 AM.

  6. #6
    Join Date
    Jul 2006
    Location
    San Diego, CA, USA
    Posts
    690
    Why does it say that?

    Code:
    [[email protected] ~]# service iptables status
    Firewall is stopped.
    [[email protected] ~]# service iptables start
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: mangle filter [ OK ]
    Unloading iptables modules: ^[[A [ OK ]
    [[email protected] ~]# service iptables status
    Firewall is stopped.

  7. #7
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Apf DOES NOT load iptables that way. Apf does not use that method of loading iptables at all, that is WHY it does not work.

  8. #8
    Join Date
    May 2006
    Posts
    249
    You keep saying that it does not work or that I am not right. I have asked what the problem is! Please advise.

    I know APF does not load iptables; it is just easy management for iptables, so iptables should be running, right?

    but when I check iptables

    service iptables status

    and it said stopped, so I restarted it and it showed it was up and running, but when I check the status again, it says it is not up.

    I am not sure what the problem is; since the iptables status is down, there is no point even if apf is running.

    is this fine or not?

    Thanks

  9. #9
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    I am going to keep telling you over and over:

    the service iptables status (/etc/init.d/iptables) script is not used by apf and cannot be used to check the status of apf.


    apf -s
    apf -st

    You should get a lot of feedback.

    Code:
    usage /usr/local/sbin/apf [OPTION]
    -s|--start ......................... load firewall policies
    -r|--restart ....................... flush & load firewall
    -f|--flush|--stop .................. flush firewall
    -l|--list .......................... list chain rules
    -st|--status ....................... firewall status
    -a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
                                         immediately load new rule into firewall
    -d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
                                         immediately load new rule into firewall
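    As an added example (not code from this thread or from the APF project), here is a small POSIX shell check that answers the question the thread circles around: whether the kernel actually has firewall rules loaded. It parses the `iptables -nL` listing, as post #5 suggests, instead of trusting `service iptables status`, which reports the init script's own bookkeeping rather than the contents of the kernel tables. Note what the pasted output of `service iptables start` shows: the init script flushes the rules and sets the chain policies to ACCEPT, so running it after apf has loaded its policy leaves the box open until `apf -r` reloads it. The empty listing below is the one from post #4; the loaded listing is constructed to resemble a typical APF policy and is an assumption, not real APF output.

```shell
#!/bin/sh
# Added example, not part of the thread or of APF. Decide whether a firewall
# policy is actually loaded by parsing an `iptables -nL` listing instead of
# trusting `service iptables status`.

# Listing pasted in post #4: empty chains, every policy ACCEPT.
SAMPLE_EMPTY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed listing (an assumption, not real APF output) of what a loaded
# policy looks like: default DROP plus explicit allow rules.
SAMPLE_LOADED='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0'

# count_rules LISTING: number of rule lines, ignoring chain headers,
# column headers and blank lines. awk always exits 0, so this is safe
# under `set -e` even when the count is zero.
count_rules() {
    printf '%s\n' "$1" |
        awk 'NF && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }'
}

# policy_of CHAIN LISTING: default policy of the named chain, empty if absent.
policy_of() {
    printf '%s\n' "$2" | sed -n "s/^Chain $1 (policy \([A-Z]*\)).*/\1/p"
}

# firewall_state LISTING: prints one word
#   loaded  - at least one rule is present
#   open    - no rules and INPUT policy ACCEPT (what the thread's box shows)
#   closed  - no rules but a non-ACCEPT INPUT policy (everything is dropped)
firewall_state() {
    rules=$(count_rules "$1")
    inpol=$(policy_of INPUT "$1")
    if [ "$rules" -gt 0 ]; then
        echo loaded
    elif [ "$inpol" = ACCEPT ]; then
        echo open
    else
        echo closed
    fi
}

# check_live_firewall: the same test against the running kernel. Needs root
# and the iptables binary; prints "unknown" otherwise so the script stays
# usable on machines without either.
check_live_firewall() {
    if command -v iptables >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        firewall_state "$(iptables -nL 2>/dev/null)"
    else
        echo unknown
    fi
}

echo "sample from post #4: $(firewall_state "$SAMPLE_EMPTY")"
echo "constructed sample:  $(firewall_state "$SAMPLE_LOADED")"
echo "this host:           $(check_live_firewall)"
```

    On the box in this thread the listing from post #4 classifies as "open": no rules and an ACCEPT policy on INPUT, which is exactly the state the init script leaves behind. After `apf -r` the same check should report "loaded"; `apf -st` is the tool's own status report and is the right thing to read for APF itself.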

  10. #10
    Join Date
    May 2006
    Posts
    249
    Yes, I understand that, but what I meant:

    To work correctly, iptables should be running, correct? And it loads whatever rules are set by apf, correct? Do I understand correctly?

    So if iptables is off and apf is on, it will not function correctly, correct?

    So when I checked the status of iptables, it was down, so I started it and it said it was up and running. But when I check the status again via

    service iptables status, it says down.

    so...

  11. #11
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    So what happened when you tried "apf -s"? You haven't told us that, which is why people aren't helping you any more.
