
Date:  Thu, 16 Feb 2006 17:09:45 -0600
From:  Larry Smith <lesmith (at mark) ecsis.net>
Subject:  [coba-e:04109] Re: APF
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200602161709.45306.lesmith (at mark) ecsis.net>
In-Reply-To:  <20060216205406.GA20752 (at mark) xs4all.nl>
References:  <20060216171841.GA4659 (at mark) xs4all.nl> <200602161929.09900.bq (at mark) solarspeed.net> <20060216205406.GA20752 (at mark) xs4all.nl>
X-Mail-Count: 04109

On Thursday 16 February 2006 14:54, Maurice de Laat wrote:
> On Thu, Feb 16, 2006 at 07:29:09PM +0100, Michael Stauber wrote:
> > Do you by chance have LCAP installed and active?
>
> At this point, I have to ask 'what is LCAP?',
> so I guess the answer is no :-)
>
> > If so, the required kernel module(s) for iptables cannot be loaded once
> > LCAP has kicked in.
>
> It is not that iptables doesn't want to load. I can start APF (based on
> iptables), and it blocks e.g. connections to the mysql port. But at the
> next full hour (when /etc/cron.hourly/log_traffic runs) the firewall isn't
> working anymore, because I can connect to the mysql port again.

OK,  your problem is that log_traffic "automatically" rebuilds the iptables 
firewall every hour.

/etc/sysconfig/iptables:
<quote>
# /etc/sysconfig/iptables
# This file is automatically generated by log_traffic.
# Any manual changes will be lost
</quote>

meaning that regardless of what you "load" to iptables, it will run the 
command "iptables-restore < /etc/sysconfig/iptables" every time log_traffic 
runs and replace yours.

You need to make your changes in /etc/cron.hourly/log_traffic script 
(carefully) and then test (save backups) to make sure that when log_traffic 
replaces the iptables file it keeps your changes on "refresh".

-- 
Larry Smith
SysAd ECSIS.NET
sysad (at mark) ecsis.net
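The approach Larry describes (keep your own rules inside the file log_traffic regenerates, so that its hourly iptables-restore re-installs them instead of wiping them) can be done with a small merge step. The script below is an added example written for this page, not code from the coba-e thread or from the BlueQuartz log_traffic script. It assumes that log_traffic writes /etc/sysconfig/iptables in iptables-save format (a *filter table with :CHAIN policy lines, -A rules and COMMIT) and then runs iptables-restore on it; the file names, the CUSTOM-APF marker comment and all sample rules are constructed for the demonstration. The custom rules are inserted at the top of the filter table rather than before COMMIT, because a rule appended after a generated ACCEPT would never be reached.

```shell
#!/bin/sh
# Added example (not part of the coba-e thread or of BlueQuartz log_traffic).
# Assumption: the generated file is in iptables-save format and is fed to
# "iptables-restore", so anything merged into it survives each regeneration.

# merge_custom_rules GENERATED CUSTOM OUT
# Copy GENERATED to OUT, inserting the rules from CUSTOM at the start of the
# *filter table (after the :CHAIN policy lines, before the first -A rule).
# Comment and blank lines in CUSTOM are skipped.
merge_custom_rules() {
    gen=$1; custom=$2; out=$3
    awk -v custom="$custom" '
        /^\*/ { table = $1; inserted = 0 }          # new table header, e.g. *filter
        table == "*filter" && !inserted && !/^\*/ && !/^:/ {
            while ((getline line < custom) > 0) {
                if (line ~ /^[[:space:]]*#/ || line ~ /^[[:space:]]*$/) continue
                print line
            }
            close(custom)
            inserted = 1
        }
        { print }
    ' "$gen" > "$out"
}

# count_custom_rules FILE: number of rules tagged with the CUSTOM-APF marker,
# usable both on the merged file and on "iptables-save" output after the
# hourly job has run, to confirm the rules really came back.
count_custom_rules() {
    grep -c 'CUSTOM-APF' "$1"
}

# custom_rules_first FILE: "yes" if the first -A rule of the filter table is
# one of ours (ordering check), otherwise "no".
custom_rules_first() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && /^-A/ {
             print (index($0, "CUSTOM-APF") ? "yes" : "no"); exit
         }' "$1"
}

# make_samples: write a constructed generated file and a constructed custom
# rule file into a temporary directory and print that directory.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/iptables.generated" <<'EOF'
# /etc/sysconfig/iptables
# This file is automatically generated by log_traffic.
# Any manual changes will be lost
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --sport 80 -j ACCEPT
COMMIT
EOF
    cat > "$d/custom.rules" <<'EOF'
# Constructed sample: rules that must survive the hourly rewrite
-A INPUT -p tcp --dport 3306 -m comment --comment CUSTOM-APF -j DROP
-A INPUT -p tcp --dport 22 -s 192.0.2.10 -m comment --comment CUSTOM-APF -j ACCEPT
EOF
    printf '%s\n' "$d"
}

# Demonstration on the constructed sample files.
dir=$(make_samples)
merge_custom_rules "$dir/iptables.generated" "$dir/custom.rules" "$dir/iptables.merged"
echo "custom rules in merged file: $(count_custom_rules "$dir/iptables.merged")"
echo "custom rules precede generated rules: $(custom_rules_first "$dir/iptables.merged")"
rm -rf "$dir"
```

To use this for real you would call merge_custom_rules on the freshly written /etc/sysconfig/iptables just before log_traffic's iptables-restore line (take a backup of the script first, as Larry says), and after the next full hour run `iptables-save | grep -c CUSTOM-APF` to confirm the rules are still active; the exact place in log_traffic where the file is written and restored is an assumption here and must be checked against your copy of the script.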