• BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads






Correcting an existing Firewall on Ubuntu Server 12.04

General questions about Security.

Correcting an existing Firewall on Ubuntu Server 12.04

New postby michael-lentz on Tue Sep 16, 2014 9:46 am

I am familiar with using IPTOOLS and UFW and have set up new firewalls.
I have 'inherited' a remote server with a very complicated firewall that I want to get rid of, and start ove using SSH.

There is a file called /root/firewall.rules. Does this firewall get automatically loaded at reboot ?
If I delete this file and reboot, will I get the Default Firewall ?
michael-lentz
 
Posts: 2
Joined: Tue Sep 16, 2014 9:29 am

Re: Correcting an existing Firewall on Ubuntu Server 12.04

New postby Patton on Wed Sep 17, 2014 2:20 pm

michael-lentz wrote:I am familiar with using IPTOOLS and UFW and have set up new firewalls.
I have 'inherited' a remote server with a very complicated firewall that I want to get rid of, and start ove using SSH.

There is a file called /root/firewall.rules. Does this firewall get automatically loaded at reboot ?
If I delete this file and reboot, will I get the Default Firewall ?


/root/firewall.rules maybe loaded by the previous server account owner in a startup script but not by default. I would sugguest simply renaming the file, rebooting and then running
Code: [Select all] [Expand/Collapse] [Download] (Untitled.bsh)
  1. iptables -L
"If everyone is thinking alike, then somebody isn't thinking." - George S. Patton
User avatar
Patton
 
Posts: 18
Joined: Tue Dec 10, 2013 11:22 pm

Re: Correcting an existing Firewall on Ubuntu Server 12.04

New postby michael-lentz on Thu Sep 18, 2014 8:39 am

I removed the /root/firewall.rules file, and rebooted.
I ran my own firewall.sh and firewall looked good.
After a few minutes I checked, and the firewall returned to the previous firewall.
I ran my own firewall.sh again, and now it is staying.

Something must be loading the old firewall from somewhere else.
I did a Grep of the system for a string I found inside the old firewall but got no hits.
michael-lentz
 
Posts: 2
Joined: Tue Sep 16, 2014 9:29 am

Re: Correcting an existing Firewall on Ubuntu Server 12.04

New postby Patton on Thu Sep 18, 2014 10:07 am

michael-lentz wrote:I removed the /root/firewall.rules file, and rebooted.
I ran my own firewall.sh and firewall looked good.
After a few minutes I checked, and the firewall returned to the previous firewall.
I ran my own firewall.sh again, and now it is staying.

Something must be loading the old firewall from somewhere else.
I did a Grep of the system for a string I found inside the old firewall but got no hits.


If its loading sometimes after the system is rebooted I would chech
Code: [Select all] [Expand/Collapse] [Download] (Untitled.bsh)
  1. crontab -e


Look for lines like iptables-save > /root/somefile or service iptables save > /root/somefile or /sbin/iptables-restore < /root/somefile


Also

Code: [Select all] [Expand/Collapse] [Download] (Untitled.bsh)
  1. for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done


will find all crontabs by all users both legit and malicious.
"If everyone is thinking alike, then somebody isn't thinking." - George S. Patton
User avatar
Patton
 
Posts: 18
Joined: Tue Dec 10, 2013 11:22 pm


Return to Security General Help

Who is online

Users browsing this forum: No registered users and 0 guests

  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free
cron