[BlueOnyx:03586] Re: IPTables rules being rewritten

JW Simpson john at swajime.com
Sat Feb 13 16:33:55 -05 2010 

Repost (sorry was wrong subject line)

On Sat, 2010-02-13 at 15:31 -0600, JW Simpson wrote:

> On Sun, 2009-04-19 at 13:31 -0400, Michael Stauber wrote:
> > Hi Tony,
> > 
> >> I have Webmin 1.470 installed on my BO box (latest updates) and I used
> >> Webmin to create some firewall rules but they keep getting overwritten
> >> during the night and reverting to a base 'allow all' set.
> >>
> >> I am very new to BO and Linux so I am struggling to find out what
> >> rewrites
> >> the rules.
> > 
> > It's this cronjob that resets the iptables rules:
> > 
> > /etc/cron.hourly/log_traffic
> > 
> > It's used to set up traffic accounting. If you want to use your own
> > iptables
> > rules, you can simply delete that cronjob. No harm done there.
> > 
> > -- 
> > With best regards
> > 
> > Michael Stauber
> 
> I've run into this same issue.
> 
> Looking at the code, it appears to me that the whole point of the chains
> acctin and acctout is to keep the "accounting" process from mutilating
> the INPUT and OUTPUT chains?
> 
> The statement "Every hour the cron script /etc/cron.hourly/log_traffic
> produces log entries which are interpreted ones a night
> by /etc/cron.daily/logrotate which calls analog." that I found at
> http://www.kaffeesud.org/index.php?id=28 makes me think that I need more
> information.
> 
> What functionality do we lose by deleting the cronjob?
> 
> What is the appropriate procedure for adding firewall rules that won't
> be overwritten by the script, as an alternative to removing the script?
> 
> I can't seem to find any documentation anywhere other that what is
> actually in the script.
> 
> Will the removal of this file break the functionality of the analog or
> base-sitestats-scripts packages?
> 
> [john at bx1]# R:/etc/cron.hourly> rpmquery --whatprovides /etc/cron.hourly/log_traffic 
>         base-sitestats-scripts-1.0-25BQ20.centos5
>         [john at bx1]# R:/etc/cron.hourly> yum info base-sitestats-scripts
>         Loaded plugins: fastestmirror
>         Loading mirror speeds from cached hostfile
>          * BlueOnyx: www.blueonyx.it
>          * Solarspeed.net: mirror.smd.net
>          * addons: mirror.steadfast.net
>          * base: mirrors.gigenet.com
>          * extras: yum.singlehop.com
>          * updates: mirrors.tummy.com
>         Installed Packages
>         Name       : base-sitestats-scripts
>         Arch       : noarch
>         Version    : 1.0
>         Release    : 25BQ20.centos5
>         Size       : 58 k
>         Repo       : installed
>         Summary    : Server and site statistics for web, ftp, email, and network traffic
>         License    : Sun modified BSD
>         Description: This package contains the scripts for processing logfiles
>                    : and monitoring network traffic and the php user interface for
>                    : generating and viewing reports.
>         
> 



-- 
JW Simpson <john at swajime.com>
SwaJime's Cove℠
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20100213/da72473d/attachment.html>

More information about the Blueonyx mailing list