On Thu, 2006-12-21 at 01:43 -0300, Linux Man wrote:
This is what I found in /var/log/messages:

Dec 21 02:02:28 Promaster firewall.light: + /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.15.50 -j SNAT --to-source 192.168.1.5
Dec 21 02:02:28 Promaster firewall.light: + echo ...done
Dec 21 02:02:28 Promaster firewall.light: + echo ''
Dec 21 02:02:28 Promaster firewall.light: + echo '--> IPTABLES firewall loaded/activated <--'
Dec 21 02:02:28 Promaster firewall.light: + exit 0
Dec 21 02:02:28 Promaster rc: Iniciando firewall.light: succeeded
Dec 21 02:02:28 Promaster haldaemon: Iniciación de haldaemon succeeded
Dec 21 02:02:28 Promaster fstab-sync[3722]: removed all generated mount points
Dec 21 02:02:28 Promaster fstab-sync[3739]: added mount point /media/cdrom for /dev/hdc
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22436 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22438 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22440 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK PSH URGP=0
As you can see, it looks like the script executes fine, but it hangs the keyboard, monitor, mouse, etc. Nevertheless there's some activity from lo to lo ?¿?¿?¿
2006/12/20, Linux Man <linuxman.uru@gmail.com>:
If I hit ENTER nothing happens (even with lots of enters). In /var/log/messages it seems to complete the script. I'm really confused (and :( of course). Can it be SELinux? Can I disable it to try? At the terminal everything works smoothly; I don't understand why it hangs at boot time. Thanks a lot guys for your help!!
2006/12/20, Michael Velez <mikev777@hotmail.com>:
> -----Original Message-----
> From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Linux Man
> Sent: Tuesday, December 19, 2006 11:40 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] creating script for init.d
>
> Sorry, I sent the script to a particular address but not to the address that I wanted (all the CentOS mailing list), again, sorry.
>
> If I execute it in a terminal as root, it works without problem, but if I put it to load at boot time (with chkconfig) there isn't a visual error, it just hangs.
>
> Using "echo" I isolated the problematic part, this is:
>
> > #Flush everything, start from scratch
> > $IPTABLES -F
> > $IPTABLES -F -t mangle
> > $IPTABLES -F -t nat
> > $IPTABLES -X
> > $IPTABLES -X -t mangle
> > $IPTABLES -X -t nat
> >
> > #Set default policies to DROP
> > $IPTABLES -P INPUT DROP
> > $IPTABLES -P OUTPUT DROP
> > $IPTABLES -P FORWARD DROP
>
> Why does it hang? Any idea?
> Thanks a lot
----
I suppose I am missing something here, but I'll offer a theory, though without looking at your code one could only guess what your problem might be.
iptables is a service already as part of the distribution.
/sbin/service iptables save # saves the current rules to /etc/sysconfig/iptables
You can either edit this file, or change your rulesets in real time and then execute a save at any time as above.

At startup, these rules are automatically loaded... no need to write your own script for init.d where iptables are concerned.
Craig
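As an added example that is not part of this thread, here is a small Python parser for kernel log lines in the format of the /var/log/messages excerpt above; it counts DROP verdicts per interface, protocol and destination port and singles out drops seen on lo, which is what the excerpt shows after a default-DROP ruleset was loaded. The eth0 sample line, the `rc:` line, the addresses in them and the `fp=INPUT:1` prefix are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the shape of the /var/log/messages excerpt quoted in
# the thread (syslog prefix, then netfilter LOG key=value fields). The eth0
# line and the "rc:" line are made up here so the parser has something to
# distinguish; they are not from the original log.
SAMPLE_LOG = """\
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22436 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22440 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK PSH URGP=0
Dec 21 02:02:31 Promaster kernel: fp=INPUT:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.77 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 02:02:32 Promaster rc: Starting firewall.light: succeeded
"""

# Kernel lines carrying a verdict field ("a=DROP" in this script's
# --log-prefix convention); everything else in the log is skipped.
NETFILTER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<body>.*\ba=\w+\b.*)$")

def parse_line(line):
    """Split one netfilter LOG line into key=value fields; bare tokens
    (DF, SYN, ACK, PSH, ...) go under "FLAGS". Returns None for other lines."""
    m = NETFILTER_RE.match(line)
    if not m:
        return None
    fields = {"TS": m.group("ts"), "HOST": m.group("host"), "FLAGS": []}
    for tok in m.group("body").split():
        if "=" in tok:
            key, value = tok.split("=", 1)  # MAC= holds ':' but never '='
            fields[key] = value
        else:
            fields["FLAGS"].append(tok)
    return fields

def summarize_drops(log_text):
    """Count DROP verdicts per (IN, PROTO, DPT) and single out loopback drops.
    Drops with IN=lo or a 127.x source are the first thing to check when a
    host stalls after loading a default-DROP ruleset: local services talk over
    lo, and a DROP policy applied before any "-i lo -j ACCEPT" rule silences them."""
    drops = Counter()
    loopback_drops = 0
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f.get("a") != "DROP":
            continue
        drops[(f.get("IN", ""), f.get("PROTO", ""), f.get("DPT", ""))] += 1
        if f.get("IN") == "lo" or f.get("SRC", "").startswith("127."):
            loopback_drops += 1
    return {"drops": drops, "loopback_drops": loopback_drops}
```

Feed it the real file with `summarize_drops(open("/var/log/messages").read())`; a non-zero loopback count right after the firewall init script runs points at the rule ordering rather than at SELinux.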