Iptables restore scheduled?

Posted: 14 Jan 2012, 14:34
by Eek
Hi

Maybe it is something I do!?
but lately I noticed that "suddenly" my iptables was restored
to the settings in the /etc/network/firewall.conf

Is there a scheduled script that does this?

Re: Iptables restore scheduled?

Posted: 14 Jan 2012, 15:53
by Gordon
I don't think so. Maybe you had a power outage?

Re: Iptables restore scheduled?

Posted: 14 Jan 2012, 17:04
by Ubi
There is no scheduled script in the default distro afaik. Power hiccup seems most logical, and can be detected with uptime.

Re: Iptables restore scheduled?

Posted: 16 Jan 2012, 01:28
by Eek
Thanks for the reply.
I will investigate further.
There has not been a power outage, confirmed by uptime

Re: Iptables restore scheduled?

Posted: 16 Jan 2012, 02:40
by johannes
Perhaps you (or someone) edited the settings in the web gui?

Re: Iptables restore scheduled?

Posted: 16 Jan 2012, 11:18
by Eek
thanks Johannes,
but nobody but me uses the web-gui
and I really don't use it ;-)
I have a script running that checks every minute for a specific iptables entry,
which is not in the firewall.conf.
That way I can find out if and when the iptables get restored to the settings in the firewall.conf.
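The minute-by-minute check Eek describes can be built as a "canary": create an iptables chain that firewall.conf never declares, and log the moment it disappears from the live ruleset, because the only way it can vanish is a full iptables-restore. This is an added example written for this thread, not Eek's script; the chain name, the log path and the RULES_CMD override (so the logic can be exercised on captured output without root) are assumptions.

```shell
#!/bin/sh
# canary_check.sh (assumed name): run from cron once a minute.
# Creates an unreferenced chain that /etc/network/firewall.conf does not
# contain, then on every run verifies it still exists. If it is gone, the
# live ruleset was replaced, and the timestamp is appended to LOGFILE.

CANARY_CHAIN="${CANARY_CHAIN:-canary_not_in_conf}"      # assumed name
LOGFILE="${LOGFILE:-/var/log/iptables-canary.log}"      # assumed path
# Command printing the live ruleset in iptables-save format. Overridable so
# the checks can run against constructed output in a test.
RULES_CMD="${RULES_CMD:-iptables-save}"

# canary_present RULESET_TEXT -> 0 if the canary chain is declared in the text
# (iptables-save prints user chains as ":name - [0:0]")
canary_present() {
    printf '%s\n' "$1" | grep -q "^:${CANARY_CHAIN} "
}

# ensure_canary: (re)create the empty chain; idempotent, needs root
ensure_canary() {
    iptables -N "$CANARY_CHAIN" 2>/dev/null || true
}

# check_once -> 0 if the canary is still there; otherwise log it and return 1.
# Timestamp format matches the one used in the thread (YYYYMMDD.HH:MM:SS).
check_once() {
    ruleset=$($RULES_CMD)
    if canary_present "$ruleset"; then
        return 0
    fi
    printf '%s canary chain %s missing: ruleset was replaced\n' \
        "$(date '+%Y%m%d.%H:%M:%S')" "$CANARY_CHAIN" >> "$LOGFILE"
    return 1
}

# When invoked by cron (CANARY_MODE=cron), run one check and re-arm the
# canary after a hit so the next replacement is caught as well.
if [ "${CANARY_MODE:-}" = cron ]; then
    check_once || ensure_canary
fi
```

A cron line such as `* * * * * CANARY_MODE=cron /usr/local/sbin/canary_check.sh` (assumed install path) gives one-minute resolution; the log timestamps can then be lined up against syslog exactly as Eek did with the dhclient lines.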

Re: Iptables restore scheduled?

Posted: 16 Jan 2012, 11:26
by johannes
Just found out that a web update on pre-2.3.2 systems would do this as well. Did you do an update?

Re: Iptables restore scheduled?

Posted: 16 Jan 2012, 11:36
by Eek
No, I did not do an update.
I am still on 2.3.1,
but good to know it will reset the iptables.
So no surprises there then ;-)

Re: Iptables restore scheduled?

Posted: 16 Jan 2012, 16:49
by johannes
Then I am out of clues as well. :)

Re: Iptables restore scheduled?

Posted: 26 Jan 2012, 03:21
by Eek
Alright,
I found out that indeed something is reverting the iptables configuration back to the iptables in the /etc/network/firewall.conf file.
20120120.23:31:30 Chain pptp (1 references)
20120120.23:31:58

20120122.18:46:14 Chain pptp (1 references)
20120122.18:46:42

20120125.21:12:09 Chain pptp (1 references)
20120125.21:12:37
And saw that also the timestamp on the /etc/network/firewall.conf file had changed,
which made me think, maybe it is not only on that file.
$ find /etc -ls|grep "Jan 25 21:"
540673 4 drwxr-xr-x 98 root root 4096 Jan 25 21:12 /etc
542301 4 -rw-r--r-- 1 root root 48 Jan 25 21:12 /etc/resolv.conf
542193 4 drwxr-xr-x 2 root root 4096 Jan 25 21:12 /etc/samba
541000 0 -rw-r--r-- 1 root root 0 Jan 25 21:12 /etc/samba/dhcp.conf
542102 4 drwxr-xr-x 6 root root 4096 Jan 25 21:12 /etc/network
541327 4 -rw-r--r-- 1 root root 1136 Jan 25 21:12 /etc/network/firewall.conf
Which brought me to this entry in the syslog
Jan 25 21:12:20 b3 dhclient: DHCPREQUEST on eth0 to xyz.xyz.xyz.xyz port 67
Jan 25 21:12:20 b3 dhclient: DHCPACK from xyz.xyz.xyz.xyz
Jan 25 21:12:21 b3 dhclient: bound to xyz.xyz.xyz.xyz -- renewal in 131035 seconds.
So it looks like the dhcp renewal process is also restoring the iptables config? :twisted:

Re: Iptables restore scheduled?

Posted: 26 Jan 2012, 12:31
by Gordon
Actually that makes a lot of sense if you look at the dependencies declared in the bubba-firewall script:

# X-Start-Before:    ifupdown ifplugd
# X-Stop-After:      ifupdown ifplugd

Re: Iptables restore scheduled?

Posted: 26 Jan 2012, 15:07
by johannes
If I am not completely mistaken ifplugd runs on every plug event, such as boot, link up etc. It should not run just with dhcp renewal by expiry. Can this be the root cause?

Re: Iptables restore scheduled?

Posted: 26 Jan 2012, 16:01
by Gordon
johannes wrote: If I am not completely mistaken ifplugd runs on every plug event, such as boot, link up etc. It should not run just with dhcp renewal by expiry. Can this be the root cause?
I'd doubt that the log lines shown will be the only ones of interest here. The fact that something appears to have happened with Samba as well would implicate that the DHCP request was the result of a restart of the eth0 device at minimum (or likely all of networking).

Only thing is you'd expect this to trigger a "stop" first and thus change the content of the firewall.conf file. Whether that did not happen was caused by the script misbehaving or some kind of race condition is the intriguing part.

Re: Iptables restore scheduled?

Posted: 27 Jan 2012, 02:55
by Eek
Thanks for the replies.
There has to my knowledge not been a restart of the eth0 device nor restarts.
So maybe it is indeed an unexpected behavior
I will investigate the scripts.

Re: Iptables restore scheduled?

Posted: 27 Jan 2012, 16:55
by Eek
Hi
I think I found it: /etc/dhcp/dhclient-exit-hooks.d/firewall_rewrite

# Check if this is the right reason and interface for us
if [ "$reason" != "BOUND" ] && [ "$reason" != "RENEW" ] && [ "$reason" != "REBIND" ] ||  [ "$interface" != "eth0" ]
then
	echo "Firwall rewite, nothing todo."
else
	# Update firewall config.
	echo "Update firewall config"
	sed -i "s/PREROUTING -d [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/[0-9]*/PREROUTING -d $new_ip_address\/32/" /etc/network/firewall.conf

	echo "Activate updated firewall config."
	/sbin/iptables-restore /etc/network/firewall.conf
fi
As I understand it: when a RENEW of my eth0 dhcp is needed, it does not save the iptables and then do the clever sed for the PREROUTING, but it uses the file /etc/network/firewall.conf.
Which is why my iptables get reset to the default. :mrgreen:
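A version of the hook that does not throw away the running rules, as an added example for this thread (it is not the Excito hook and not code posted by anyone here): it snapshots the live ruleset with iptables-save before doing the PREROUTING rewrite, so the DNAT target follows the new address while every rule added since boot survives the renewal. $reason, $interface and $new_ip_address are the variables dhclient-script exports to its exit hooks; CONF, WAN_IF and the function names are assumptions.

```shell
#!/bin/sh
# Rewritten dhclient exit hook (assumed to live at
# /etc/dhcp/dhclient-exit-hooks.d/firewall_rewrite, like the original).
# Difference from the original: the live rules are saved to the config file
# before the rewrite, instead of reloading a stale firewall.conf.

CONF="${CONF:-/etc/network/firewall.conf}"   # assumed, same path as the thread
WAN_IF="${WAN_IF:-eth0}"                      # assumed WAN interface

# should_rewrite REASON IFACE -> 0 only for an address (re)binding on the WAN
# interface; equivalent to the original test but without the &&/|| chain
should_rewrite() {
    case "$1" in
        BOUND|RENEW|REBIND) [ "$2" = "$WAN_IF" ] ;;
        *) return 1 ;;
    esac
}

# rewrite_prerouting_dst FILE NEW_IP: point every "PREROUTING -d a.b.c.d/n"
# at NEW_IP/32 (the same sed expression the original hook uses)
rewrite_prerouting_dst() {
    sed -i "s/PREROUTING -d [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\/[0-9]*/PREROUTING -d $2\/32/" "$1"
}

# apply_new_address NEW_IP: snapshot live rules, patch the copy, load it, and
# only then replace CONF, so CONF always holds the last ruleset that loaded
apply_new_address() {
    tmp=$(mktemp "${CONF}.XXXXXX") || return 1
    # snapshot the live ruleset first; the original hook skipped this step
    if ! iptables-save > "$tmp"; then rm -f "$tmp"; return 1; fi
    rewrite_prerouting_dst "$tmp" "$1"
    # iptables-restore commits each table as a unit, so a rejected file
    # leaves the running rules as they were
    if iptables-restore < "$tmp"; then
        mv "$tmp" "$CONF"
    else
        rm -f "$tmp"
        return 1
    fi
}

if should_rewrite "${reason:-}" "${interface:-}"; then
    echo "firewall_rewrite: updating PREROUTING target to $new_ip_address"
    apply_new_address "$new_ip_address" ||
        echo "firewall_rewrite: update failed, live rules left untouched"
else
    echo "firewall_rewrite: nothing to do for reason=${reason:-} iface=${interface:-}"
fi
```

Because dhclient-script sources the file, the top-level `if` is what runs on each lease event; with no $reason set (as when the file is run by hand) it takes the "nothing to do" branch and never touches iptables.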