
Thread: SUSE Firewall rules disappearing on FW restart


  1. SUSE Firewall rules disappearing on FW restart

    We've been getting hit with a lot of SYN floods recently and I've been trying to add some iptables rules to try and mitigate the flood, but I find that if I restart the firewall the rules are removed.

    Commands used from: http://www.cyberciti.biz/tips/linux-...on-attack.html

    # drop TCP packets conntrack sees as NEW but that lack SYN (cannot start a valid handshake)
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    # drop second and further IP fragments
    iptables -A INPUT -f -j DROP
    # drop TCP packets with every flag set (XMAS scan)
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    # drop TCP packets with no flags set (NULL scan)
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

    If I run iptables --list I see the new rules, but as soon as the firewall is restarted they disappear. Any way to stop this from happening? I restart the firewall through YaST.

    Thanks

  2. #2

    Re: SUSE Firewall rules disappearing on FW restart

    Rules put in place by the 'iptables' command are implemented immediately,
    but are only in memory so they are only as persistent as of right now.
    When you restart the firewall it flushes everything and builds from
    more-permanent settings in the Firewall configuration stuff stored in
    /etc/sysconfig/SuSEfirewall2 which is probably how you should try to drop
    things initially assuming there is a directive in there which meets your
    needs (create a backup of the file before tinkering in there, of course).

    Inside that file you may find something like this:

    Code:
    --------------------
    ## Type: string
    #
    # 25.)
    # Do you want to load customary rules from a file?
    #
    # This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
    # READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
    #
    #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
    FW_CUSTOMRULES=""
    --------------------

    If you set this to something and then put your iptables commands in there
    I think your firewall restarts will cause those rules to be executed and
    you'll keep your settings. I've not tried this in quite a while, so
    proceed with caution and some tinkering may be in order. Let us know how
    it goes, please.

    --
    Good luck.

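    The hook-file approach from the reply above, written out as an added example (this is not the poster's file and not the template SuSE ships). It assumes the hook function names that the stock /etc/sysconfig/scripts/SuSEfirewall2-custom template defines (fw_custom_before_antispoofing through fw_custom_after_finished) and that FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2 points at this file. The IPTABLES variable is my addition so the hooks can be exercised without touching a live ruleset.

```shell
#!/bin/sh
# Added example of a FW_CUSTOMRULES hook file (not the thread's or SuSE's own code).
# Assumed location: /etc/sysconfig/scripts/SuSEfirewall2-custom, enabled with
#   FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
# in /etc/sysconfig/SuSEfirewall2. SuSEfirewall2 sources this file on every start and
# calls the fw_custom_* functions at fixed points while it rebuilds the ruleset, so rules
# added here are re-created after each restart instead of being flushed with the rest.

# Command used to add rules. Overridable (assumption of this example) so the hooks can be
# run with a function that only logs its arguments, outside of a real firewall start.
IPTABLES="${IPTABLES:-iptables}"

# The four rules from the first post. -I puts them at the head of INPUT whichever hook
# calls them; with -A their position would depend on what SuSEfirewall2 had already
# appended by the time the hook runs. Order among these DROP rules does not matter.
syn_flood_rules() {
    "$IPTABLES" -I INPUT -p tcp ! --syn -m state --state NEW -j DROP   # NEW without SYN
    "$IPTABLES" -I INPUT -f -j DROP                                      # later fragments
    "$IPTABLES" -I INPUT -p tcp --tcp-flags ALL ALL -j DROP              # XMAS scan
    "$IPTABLES" -I INPUT -p tcp --tcp-flags ALL NONE -j DROP             # NULL scan
}

# Hook functions called by SuSEfirewall2. Each must return success (hence the trailing
# true); only one of them is used here, the rest are left as no-ops.
fw_custom_before_antispoofing() { true; }
fw_custom_after_antispoofing() { true; }
fw_custom_before_port_handling() {
    syn_flood_rules
    true
}
fw_custom_before_masq() { true; }
fw_custom_before_denyall() { true; }
fw_custom_after_finished() { true; }
```

    After setting FW_CUSTOMRULES and restarting the firewall (through YaST as in the question, or with rcSuSEfirewall2 restart), check where the rules landed with `iptables -L INPUT -nv --line-numbers`; the four DROP rules should be the first entries of INPUT, and they should still be there after the next restart.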

  3. #3

    Re: SUSE Firewall rules disappearing on FW restart

    On 07/02/2014 19:06, ab wrote:

    > Rules put in place by the 'iptables' command are implemented immediately,
    > but are only in memory so they are only as persistent as of right now.
    > When you restart the firewall it flushes everything and builds from
    > more-permanent settings in the Firewall configuration stuff stored in
    > /etc/sysconfig/SuSEfirewall2 which is probably how you should try to drop
    > things initially assuming there is a directive in there which meets your
    > needs (create a backup of the file before tinkering in there, of course).
    > [...]


    My approach is to save custom firewall rules via "iptables-save >
    /etc/iptables.local" and then add "iptables-restore -c <
    /etc/iptables.local" to /etc/init.d/local so they get loaded at server
    startup.

    HTH.
    --
    Simon
    SUSE Knowledge Partner

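    A variant of the save/restore approach above, as an added example that is not from the thread: rather than replaying a full iptables-save dump (which, unless iptables-restore is given -n/--noflush, replaces the whole filter table with whatever was current at save time, the firewall's own rules included), tag the hand-written rules with -m comment so they can live in a small restore file of their own and be found again in a dump after a restart. The TAG value, the function names and the sample dump are mine; `iptables-restore -n` and `-m comment --comment` are standard iptables features.

```shell
#!/bin/sh
# Added example, not code from the thread. Keeps only the hand-added rules in the saved
# file and applies them on top of the running ruleset with `iptables-restore -n`.
# Assumption: every custom rule carries "-m comment --comment synflood" (TAG below).

TAG="${TAG:-synflood}"

# Emit the four rules from the first post as iptables-restore lines. -I rather than -A:
# this file is applied after SuSEfirewall2 has built INPUT, and INPUT ends with the
# firewall's own LOG/DROP, so appended rules would never be reached. Order among these
# DROP rules does not matter, so repeated inserts at position 1 are fine.
tagged_rules() {
    for match in \
        '-p tcp ! --syn -m state --state NEW' \
        '-f' \
        '-p tcp --tcp-flags ALL ALL' \
        '-p tcp --tcp-flags ALL NONE'
    do
        printf '%s INPUT %s -m comment --comment %s -j DROP\n' '-I' "$match" "$TAG"
    done
}

# A minimal restore file for the filter table: no chain or policy lines, so applied with
# -n it touches nothing SuSEfirewall2 created.
build_restore_file() {
    printf '*filter\n'
    tagged_rules
    printf 'COMMIT\n'
}

# Read an iptables-save dump on stdin and print only filter-table rules tagged with $TAG.
# Comments containing spaces are quoted by iptables-save, so the comment is matched as a
# whole token rather than as a single whitespace-separated field.
extract_tagged_from_dump() {
    awk -v tag="$TAG" '
        /^\*/ { table = substr($0, 2); next }      # table header: *filter, *nat, ...
        table == "filter" && /^-A / {
            if (match($0, /--comment ("[^"]*"|[^ ]+)/)) {
                v = substr($0, RSTART + 10, RLENGTH - 10)   # strip leading "--comment "
                gsub(/"/, "", v)
                if (v == tag) print
            }
        }'
}

# Number of rule lines on stdin; prints 0 (instead of failing) when there are none.
count_rules() { grep -c '^-[AI] ' || true; }

# Constructed iptables-save output (not captured from a real host): firewall rules, the
# four tagged rules, a near-miss comment, and a tagged rule in the wrong table.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m comment --comment synflood -j RETURN
COMMIT
*filter
:INPUT DROP [0:0]
:input_ext - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m comment --comment synflood -j DROP
-A INPUT -f -m comment --comment synflood -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m comment --comment synflood -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m comment --comment synflood -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "synflood exempt" -j ACCEPT
-A INPUT -j input_ext
-A INPUT -j DROP
COMMIT
EOF
}
```

    Apply with `build_restore_file > /etc/iptables.local` and `iptables-restore -n < /etc/iptables.local` from the startup script; afterwards `iptables-save | extract_tagged_from_dump | count_rules` should print 4, and 0 after a later restart means the firewall flushed them again. Whether they survive depends on the startup script running after SuSEfirewall2 has finished, because the firewall flushes the tables when it starts.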
