Reseting and saving iptables

[LordNibler]

Hi,

My ISP has IPTV and it doesn't work with my current iptables configuration. I tried to reset iptables:

Code:

sudo iptables -F
sudo iptables -X

IPTV works after that.

After restart all the iptables rules are back and IPTV doesn't work. I didn't add these rules manually to iptables, probably they were added by Firestarter (not sure). Firestarter was removed (Synaptics - Mark for Complete Removal), but the rules are still there.

1) How can I reset iptables to default Ubuntu configuration and save it in that state?

2) Do I have to use iptables-save and iptables-restore?

3) Does iptables use the same mechanism (iptables-restore) to restore rules that block my IPTV after restart? If so, where they are saved and what program/script restores them?

I use Ubuntu 9.04

Sorry for my bad English.

[brabo]

normaly, you should flush the rules again with the commands you used.
then test your connection, see if it all works.
thhen you use iptables-save to save the changes.
after reboot, you should still be good

brabo.

[LordNibler]

normaly, you should flush the rules again with the commands you used.
then test your connection, see if it all works.
thhen you use iptables-save to save the changes.
after reboot, you should still be good

brabo.

Thanks for responding!

I tried:

1.

Code:

sudo iptables -F
sudo iptables -X
sudo iptables-save

The output was:

Code:

# Generated by iptables-save v1.4.1.1 on Tue Jun  9 20:48:54 2009
*filter
:INPUT ACCEPT [272939:21958800]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [272228:15972093]
COMMIT
# Completed on Tue Jun  9 20:48:54 2009

2. Checked iptables rules:

Code:

sudo iptables -L

There were no rules and my IPTV worked fine.

3. Restarted computer.

All the old rules are back and IPTV doesn't work

Will "sudo iptables-save" save iptables rules to some default location (where is it?) or this command must be always redirected to a file, and then "iptables-restore" should be used to restore rules from that file at start-up?

[redmk2]

Thanks for responding!

I tried:

1.

Code:

sudo iptables -F
sudo iptables -X
sudo iptables-save

The output was:

Code:

# Generated by iptables-save v1.4.1.1 on Tue Jun  9 20:48:54 2009
*filter
:INPUT ACCEPT [272939:21958800]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [272228:15972093]
COMMIT
# Completed on Tue Jun  9 20:48:54 2009

2. Checked iptables rules:

Code:

sudo iptables -L

There were no rules and my IPTV worked fine.

3. Restarted computer.

All the old rules are back and IPTV doesn't work

Will "sudo iptables-save" save iptables rules to some default location (where is it?) or this command must be always redirected to a file, and then "iptables-restore" should be used to restore rules from that file at start-up?

There is no "default location".

From the iptables-save man page:

Code:

       iptables-save  is  used  to  dump the contents of an IP Table in easily
       parseable format to STDOUT. Use I/O-redirection provided by your  shell
       to write to a file.

See:
http://blogger.ziesemer.com/2008/10/...-iptables.html

http://www.linuxquestions.org/questi...g-file-584024/

[LordNibler]

Hello, thanks for response.

There is no "default location".

If there is no “default location” and as I know Ubuntu has no iptables rules by default (just after installation), then rules in my iptables configuration (that block IPTV) are loaded by some script/application from some file. Is it right? I'm rather new to Linux and Ubuntu. How can I find that file and script?

I tried to do the following (https://help.ubuntu.com/community/IptablesHowTo):

1) Reset my iptables and saved it to a file:

Code:

sudo iptables -F
sudo iptables -X
sudo sh -c "iptables-save > /etc/iptables_default-no_rules.txt"

2) Added the following line at the end of file /etc/network/interfaces:

Code:

pre-up iptables-restore < /etc/iptables_default-no_rules.txt

By the way, there were only two lines in that file:

Code:

auto lo
iface lo inet loopback

3) Rebooted the computer.

All unwanted rules (that block my IPTV), that I'm trying to get rid of were back.

After that I tried alternative solution (https://help.ubuntu.com/community/IptablesHowTo):

1) Created script iptables-restore-default:

Code:

#!/bin/sh
iptables-restore < /etc/iptables_default-no_rules.txt
exit 0

3)

Code:

chmod +x iptables-restore-default

4)

Code:

sudo cp iptables-restore-default /etc/network/if-pre-up.d/

5) Restarted the computer.

Unwanted iptables rules were loaded again.

Is it possible that when computer boots my iptables rules are loaded and then some script/application loads these unwanted rules and overwrites mine?

If so, how I can find it?

[redmk2]

...
If there is no “default location” and as I know Ubuntu has no iptables rules by default (just after installation), then rules in my iptables configuration (that block IPTV) are loaded by some script/application from some file. Is it right?

Yes that's right. Are you sure that UFW isn't configured?

I'm rather new to Linux and Ubuntu. How can I find that file and script?

I believe it is enabled in 9.04 To see if UFW is enabled try this:

Code:

sudo ufw status

... Is it possible that when computer boots my iptables rules are loaded and then some script/application loads these unwanted rules and overwrites mine?

If so, how I can find it?

See if UFW is enabled before trying anything else. If it is, there are plenty of tutorials you can look up with Google. I would start with the man pages

Code:

man ufw

I believe there is a GUI app to manage it. I think it is called gufw.

I have UFW turned off and have never enabled it. I have a perimeter firewall that takes care of my small LAN.

[LordNibler]

Thanks for help redmk2!

Yes that's right. Are you sure that UFW isn't configured?I believe it is enabled in 9.04 To see if UFW is enabled try this:

Code:

sudo ufw status

UFW (and GUFW) was installed but it was turned off. I checked it after each reboot with the command that you posted above. I removed them both.

See if UFW is enabled before trying anything else. If it is, there are plenty of tutorials you can look up with Google. I would start with the man pages

Code:

man ufw

I believe there is a GUI app to manage it. I think it is called gufw.

I have UFW turned off and have never enabled it. I have a perimeter firewall that takes care of my small LAN.

I tried to find what was overwriting my iptables rules with older version:

I searched for "iptables-restore" in /etc:

Code:

sudo grep -R iptables-restore /etc

I found only those entries that I made myself (see post 5 above)

I added the following line to /etc/rc.local:

Code:

iptables-restore < /etc/iptables_default-no_rules.txt

Now my rules are loaded after restart, but it seems to be a bad solution (see http://www.linuxquestions.org/questi...4/#post2890275)

Is there a way to find out what was overwriting iptables rules (something that boots after /etc/network/interfaces and before /etc/rc.local)? I'm new to Linux and maybe I'm misunderstanding the problem.

[redmk2]

...

Is there a way to find out what was overwriting iptables rules (something that boots after /etc/network/interfaces and before /etc/rc.local)? I'm new to Linux and maybe I'm misunderstanding the problem.

The init system uses run levels (stages). The script could be in any of the rc directories. See here for an understanding of run levels.

Look in the other /etc/rc directories. It is a bit of a "needle in a haystack" situation. Although the script should have a descriptive name, it does need really have to. This is where I would hunt it down.

Remember all this is just configuration and you have had the last say with your iptables restore script. I know how you feel, it would be nice to find the offending script.

[LordNibler]

The init system uses run levels (stages). The script could be in any of the rc directories. See here for an understanding of run levels.

Look in the other /etc/rc directories. It is a bit of a "needle in a haystack" situation. Although the script should have a descriptive name, it does need really have to. This is where I would hunt it down.

Remember all this is just configuration and you have had the last say with your iptables restore script. I know how you feel, it would be nice to find the offending script.

I used a keyword "NFQUEUE" from iptables rules to scan system folders recursively with grep:

Code:

sudo grep -R NFQUEUE /usr

I found an ipblock script /usr/sbin/ipblock, that was setting up iptables rules at startup. Disabling autostart for ipblock fixed the problem.

I learned a few new Linux tips while was solving this issue.

Thanks for help!

[tuxhats]

sudo rm /etc/init.d/ufw
sudo cp your-new-firewall-file /etc/init.d/ufw

This removes the ufw(universal firewall) which ACCEPTS everything from everyone, etc.[NOT GOOD!!!] And, replaces it with one of your own. When you reboot, it will become your new firewall as default.