I have a dedicated server and everything is working as it should (I think!). I added a line to the /etc/sysconfig/iptables file (for port 143) as one of my clients wanted to use IMAP.
Unfortunately, when the server is rebooted, iptables goes back to its default. I have tried everything I could to make it use the latest version, but it always goes back to default. I did follow this, but same result!
From where is your iptables config loaded? If I'm not mistaken there is an option that you can pass to the iptables command that will save the 'current running configuration' to a file...
Thanks for your response. This might be a strange question, but do you mean:
1- open up /etc/sysconfig/iptables in editor
2- make the necessary changes and save it
3- do iptables-save > myiptables.conf
Yes, but first call iptables-save to store your current 'configset' (by default it will write to /etc/sysconfig/iptables)... In case you want to restore, use iptables-restore.... (http://iptables-tutorial.frozentux.net/ ... index.html seems to be a good resource...)
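As an added example (not from this thread, and not anyone's real server configuration), the script below works on a constructed copy of the file format that iptables-save writes and iptables-restore reads, which is what the CentOS/RHEL-style /etc/sysconfig/iptables contains. Two practical caveats it demonstrates: iptables-save prints to stdout, so the file is produced by redirection (on RHEL/CentOS, `service iptables save` does exactly `iptables-save > /etc/sysconfig/iptables`), and rule order matters because the first matching rule wins, so an ACCEPT for 143/tcp added after an unconditional `-A INPUT -j DROP` is never reached even though the file restores without error. The script runs without root or a live firewall; the file paths and helper names are assumptions for the example.

```shell
#!/bin/sh
# Added example; not from the thread.  Assumes the CentOS/RHEL layout in which
# /etc/sysconfig/iptables holds iptables-save output and "service iptables
# start" feeds it to iptables-restore at boot.  It edits a copy of that format
# so it can run anywhere, with no root and no live firewall.
set -eu

# Constructed sample in iptables-save format (filter table only).  The last
# rule in INPUT is an unconditional DROP, so a rule placed after it is never
# evaluated, the same trap as adding an iptables line at the bottom of a
# firewall script that ends with "-A INPUT -j DROP".
RULES_FILE=$(mktemp)
trap 'rm -f "$RULES_FILE" "$RULES_FILE.new" "$RULES_FILE.orig"' EXIT
cat > "$RULES_FILE" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF

# accept_rule PROTO PORT -> one ACCEPT rule in iptables-save syntax
accept_rule() {
    printf '%s\n' "-A INPUT -p $1 -m $1 --dport $2 -m state --state NEW -j ACCEPT"
}

# insert_accept_rule FILE PROTO PORT
# Places the ACCEPT immediately before the first "-A INPUT -j DROP" (or before
# COMMIT if the chain has no terminal DROP) so that it is actually reached.
# Idempotent: a rule already present is not duplicated.
insert_accept_rule() {
    rule=$(accept_rule "$2" "$3")
    grep -qF -- "$rule" "$1" && return 0
    awk -v rule="$rule" '
        !done && ($0 == "-A INPUT -j DROP" || $0 == "COMMIT") { print rule; done = 1 }
        { print }
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

# append_accept_rule FILE PROTO PORT
# The naive edit: the rule goes at the end of the chain, after the DROP.
# iptables-restore accepts the file, but the rule is dead.
append_accept_rule() {
    rule=$(accept_rule "$2" "$3")
    awk -v rule="$rule" '$0 == "COMMIT" { print rule } { print }' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# port_reachable FILE PROTO PORT
# Exit 0 if an ACCEPT for PROTO/PORT appears in INPUT before the terminal DROP.
port_reachable() {
    awk -v proto="$2" -v port="$3" '
        $0 == "-A INPUT -j DROP" { exit }
        /^-A INPUT / && /-j ACCEPT$/ &&
            index($0, " -p " proto " ") && index($0, " --dport " port " ") { found = 1; exit }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# Demo: open 143/tcp (IMAP, the port from the question) the right way.
insert_accept_rule "$RULES_FILE" tcp 143
port_reachable "$RULES_FILE" tcp 143 && echo "143/tcp is accepted before the DROP"
cat "$RULES_FILE"
```

On the live box the equivalent of `insert_accept_rule` is `iptables -I INPUT <n> -p tcp --dport 143 -m state --state NEW -j ACCEPT` with `<n>` the position just before the DROP (check with `iptables -L INPUT --line-numbers`), followed by `service iptables save` (or `iptables-save > /etc/sysconfig/iptables`) so the running rules survive a reboot; `iptables -A` puts the rule last, which on a chain ending in DROP is the dead position `append_accept_rule` reproduces.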
I did some searching... the only firewall file I could find was /etc/sysconfig/firewall and it contained some shell code for firewall rules, as shown below:
#!/bin/sh
#fix for passive ftp connection tracking
/sbin/modprobe ip_conntrack_ftp
# Drop ICMP echo request messages sent to multicast or broadcast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
# Enable TCP SYN cookie (DoS) protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# Log packets with crazy source addresses
#echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
# Flush all chains
/sbin/iptables --flush
# Allow all loopback traffic
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Set default policies to drop all traffic
/sbin/iptables --policy INPUT DROP
#/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP
# Allow previously initiated and accepted exchanges to bypass rule checking
# Allow all outbound traffic
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow incoming port 22 (ssh) traffic
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Allow incoming port 80 and 443 (http/s) traffic
/sbin/iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Allow incoming port 53 (udp/tcp) dns traffic
/sbin/iptables -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
# Allow incoming port 69 (udp/tcp) TFTP traffic
/sbin/iptables -A INPUT -p udp --dport 69 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 69 -m state --state NEW -j ACCEPT
# Allow incoming port 25 (tcp) SMTP traffic
/sbin/iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
# Allow incoming port 110 (tcp) POP3 traffic
/sbin/iptables -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT
# Allow incoming port 123 (udp) NTP traffic
/sbin/iptables -A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
# Allow incoming ports 20 and 21 (tcp) FTP traffic
/sbin/iptables -A INPUT -p tcp --dport 20 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Allow incoming port 3306 (udp/tcp) MySQL traffic
/sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 3306 -m state --state NEW -j ACCEPT
# Allow incoming port 5555 (tcp) MatrixSA traffic
/sbin/iptables -A INPUT -p tcp --dport 5555 -m state --state NEW -j ACCEPT
# Allow incoming port 8002/9001 (tcp) traffic for initial listeners
/sbin/iptables -A INPUT -p tcp --dport 8002 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 9001 -m state --state NEW -j ACCEPT
# Drop all other inbound traffic
/sbin/iptables -A INPUT -j DROP
# Save these rules so they are initiated when iptables is started
/sbin/service iptables save
So I am assuming this is the file you are referring to, and I have added the following line and saved the file: