[CentOS] creating script for init.d

Craig White craigwhite at azapple.com
Thu Dec 21 04:51:44 UTC 2006


On Thu, 2006-12-21 at 01:43 -0300, Linux Man wrote:
> This is what I found in /var/log/messages:
> 
> Dec 21 02:02:28 Promaster firewall.light: + /sbin/iptables -t nat -A
> POSTROUTING -o eth0 -s 192.168.15.50 -j SNAT --to-source 192.168.1.5
> Dec 21 02:02:28 Promaster firewall.light: + echo ...done
> Dec 21 02:02:28 Promaster firewall.light: + echo ''
> Dec 21 02:02:28 Promaster firewall.light: + echo '--> IPTABLES
> firewall loaded/activated <--' 
> Dec 21 02:02:28 Promaster firewall.light: + exit 0
> Dec 21 02:02:28 Promaster rc: Iniciando  firewall.light:  succeeded
> Dec 21 02:02:28 Promaster haldaemon: Iniciación de haldaemon
> succeeded 
> Dec 21 02:02:28 Promaster fstab-sync[3722]: removed all generated
> mount points
> Dec 21 02:02:28 Promaster fstab-sync[3739]: added mount
> point /media/cdrom for /dev/hdc
> Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT=
> MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
> DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22436 DF
> PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
> Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT=
> MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
> DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22438 DF
> PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
> Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT=
> MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
> DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22440 DF
> PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK PSH URGP=0
> 
> As you can see, it looks like the script executes fine, but it hangs the
> keyboard, monitor, mouse, etc. Nevertheless there's some activity
> from lo to lo ???
> 
> 2006/12/20, Linux Man <linuxman.uru at gmail.com>:
>         If I hit ENTER anything happens (even with lots of ENTERs).
>         In /var/log/messages it seems to complete the script, I'm really
>         confused (and :( of course).
>         Can it be SELinux? Can I disable it to try?
>         At the terminal it all works smoothly, I don't understand why it hangs at
>         boot time.
>         Thanks a lot guys for your help!!
>          
>         2006/12/20, Michael Velez <mikev777 at hotmail.com>: 
>                 
>                 
>                 
>                 > -----Original Message-----
>                 > From: centos-bounces at centos.org
>                 > [mailto:centos-bounces at centos.org] On Behalf Of
>                 Linux Man
>                 > Sent: Tuesday, December 19, 2006 11:40 PM 
>                 > To: CentOS mailing list
>                 > Subject: Re: [CentOS] creating script for init.d
>                 >
>                 > Sorry, I sent the script to a particular address but not to
>                 > the address that I wanted (the whole CentOS mailing list); again, sorry.
>                 >
>                 > If I execute it in a terminal as root, it works without
>                 > problem, but if I set it to load at boot time (with chkconfig)
>                 > there isn't a visual error, it just hangs.
>                 >
>                 > Using "echo" I isolated the problematic part, which is:
>                 >
>                 > > #Flush everything, start from scratch 
>                 > > $IPTABLES -F
>                 > > $IPTABLES -F -t mangle
>                 > > $IPTABLES -F -t nat
>                 > > $IPTABLES -X
>                 > > $IPTABLES -X -t mangle
>                 > > $IPTABLES -X -t nat
>                 > >
>                 > > #Set default policies to DROP 
>                 > > $IPTABLES -P INPUT DROP
>                 > > $IPTABLES -P OUTPUT DROP
>                 > > $IPTABLES -P FORWARD DROP
>                 >
>                 > Why does it hang? Any idea?
>                 > Thanks a lot
----
I suppose I am missing something here but I'll offer a theory though
without looking at your code, one could only guess what your problem
might be.

iptables is a service already as part of the distribution.

/sbin/service iptables save # saves the current rules to /etc/sysconfig/iptables

You can either edit this file, or change your rulesets in real time and
then execute a save at any time per above.

At startup, these rules are automatically loaded...no need to write your
own script for init.d where iptables are concerned.

Craig
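
The kernel lines quoted earlier in this thread record packets on `lo` being dropped. The following is an added example, not part of Craig's message or the poster's script, that summarises such log lines per interface and port and reports whether loopback traffic was dropped. It assumes the `fp=` and `a=` fields are the log prefix written by the poster's script, as they appear in the excerpt; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread.
# SAMPLE_LOG is constructed from the log excerpt quoted in the thread: wrapped
# lines rejoined, mail-scanner text removed, one non-kernel line kept.
SAMPLE_LOG='Dec 21 02:02:28 Promaster rc: Iniciando  firewall.light:  succeeded
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22436 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22438 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22440 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK PSH URGP=0'

# Print "<count> <action> <in-iface> <proto> <dst-port>" for each distinct
# combination found in kernel log lines read from stdin.
summarize_drops() {
    awk '
    / kernel: / {
        act = "-"; ifc = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1)
            v = substr($i, n + 1)
            if (v == "") continue          # e.g. "OUT=" on inbound packets
            if (k == "a") act = v          # assumed: action tag in the log prefix
            else if (k == "IN") ifc = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dpt = v
        }
        if (act != "-") count[act " " ifc " " proto " " dpt]++
    }
    END { for (key in count) print count[key], key }
    ' | sort
}

# Exit status 0 when at least one packet received on lo was dropped.
loopback_dropped() {
    summarize_drops |
        awk '$2 == "DROP" && $3 == "lo" { found = 1 } END { exit !found }'
}

printf '%s\n' "$SAMPLE_LOG" | summarize_drops
if printf '%s\n' "$SAMPLE_LOG" | loopback_dropped; then
    echo "loopback traffic is being dropped"
fi
```

A non-zero count for `lo` means local-to-local traffic is being dropped by the loaded ruleset; on a live system the same functions can read from `/var/log/messages` instead of the sample.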




