[CentOS] creating script for init.d

Thu Dec 21 04:51:44 UTC 2006
Craig White <craigwhite at azapple.com>

On Thu, 2006-12-21 at 01:43 -0300, Linux Man wrote:
> This is what I found in /var/log/messages:
> 
> Dec 21 02:02:28 Promaster firewall.light: + /sbin/iptables -t nat -A
> POSTROUTING -o eth0 -s 192.168.15.50 -j SNAT --to-source 192.168.1.5
> Dec 21 02:02:28 Promaster firewall.light: + echo ...done
> Dec 21 02:02:28 Promaster firewall.light: + echo ''
> Dec 21 02:02:28 Promaster firewall.light: + echo '--> IPTABLES
> firewall loaded/activated <--' 
> Dec 21 02:02:28 Promaster firewall.light: + exit 0
> Dec 21 02:02:28 Promaster rc: Iniciando  firewall.light:  succeeded
> Dec 21 02:02:28 Promaster haldaemon: Iniciación de haldaemon
> succeeded 
> Dec 21 02:02:28 Promaster fstab-sync[3722]: removed all generated
> mount points
> Dec 21 02:02:28 Promaster fstab-sync[3739]: added mount
> point /media/cdrom for /dev/hdc
> Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT=
> MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436
> TOS=0x00 PREC=0x00 TTL=64 ID=22436 DF PROTO=TCP SPT=32768 DPT=6009
> WINDOW=8192 RES=0x00 ACK URGP=0
> Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT=
> MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436
> TOS=0x00 PREC=0x00 TTL=64 ID=22438 DF PROTO=TCP SPT=32768 DPT=6009
> WINDOW=8192 RES=0x00 ACK URGP=0
> Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT=
> MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436
> TOS=0x00 PREC=0x00 TTL=64 ID=22440 DF PROTO=TCP SPT=32768 DPT=6009
> WINDOW=8192 RES=0x00 ACK PSH URGP=0
> 
> As you can see, it looks like the script executes fine, but it hangs the
> keyboard, monitor, mouse, etc. Nevertheless there's some activity
> from lo to lo ?¿?¿?¿
> 
> 2006/12/20, Linux Man <linuxman.uru at gmail.com>:
>         If I hit ENTER nothing happens (even with lots of enters)
>         In /var/log/messages it seems to complete the script, I'm really
>         confused (and :( of course)
>         Can it be SELinux? Can I disable it to try?
>         At the terminal everything works smoothly, I don't understand why it hangs at
>         boot time
>         Thanks a lot guys for your help!!
>          
>         2006/12/20, Michael Velez <mikev777 at hotmail.com>:
>                 
>                 > -----Original Message-----
>                 > From: centos-bounces at centos.org
>                 > [mailto:centos-bounces at centos.org] On Behalf Of
>                 Linux Man
>                 > Sent: Tuesday, December 19, 2006 11:40 PM 
>                 > To: CentOS mailing list
>                 > Subject: Re: [CentOS] creating script for init.d
>                 >
>                 > Sorry, I sent the script to a particular address but
>                 not to
>                 > the address that I wanted (all centos mailing list),
>                 again, sorry
>                 >
>                 > If I execute it in a terminal as root, it works
>                 without
>                 > problem, but if I set it to load at boot time (with
>                 chkconfig)
>                 > there isn't a visual error, it just hangs.
>                 >
>                 > Using "echo" I isolated the problematic part, this
>                 is:
>                 >
>                 > > #Flush everything, start from scratch 
>                 > > $IPTABLES -F
>                 > > $IPTABLES -F -t mangle
>                 > > $IPTABLES -F -t nat
>                 > > $IPTABLES -X
>                 > > $IPTABLES -X -t mangle
>                 > > $IPTABLES -X -t nat
>                 > >
>                 > > #Set default policies to DROP 
>                 > > $IPTABLES -P INPUT DROP
>                 > > $IPTABLES -P OUTPUT DROP
>                 > > $IPTABLES -P FORWARD DROP
>                 >
>                 > Why does it hang? Any idea?
>                 > Thanks a lot
----
I suppose I am missing something here, but I'll offer a theory, though
without looking at your code one could only guess what your problem
might be.

iptables is a service already as part of the distribution.

/sbin/service iptables save # saves the current rules to /etc/sysconfig/iptables

you can either edit this file, or change your rulesets in real time and
then execute a save at any time per above.

At startup, these rules are automatically loaded... no need to write your
own script for init.d where iptables are concerned.

Craig
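The kernel lines quoted at the top of the thread are the clue worth reading: every one of them is a DROP on IN=lo, a packet from 127.0.0.1 to 127.0.0.1. The quoted fragment sets the INPUT, OUTPUT and FORWARD policies to DROP with no accept rule for the loopback interface in sight, so any daemon that talks to another local daemon over 127.0.0.1 during boot waits forever, which is consistent with a box that "just hangs" while the log says the script finished. The script below is an added example, not code from anyone in this thread: it counts and summarizes loopback drops from constructed log lines modelled on the quoted ones (MailScanner noise removed, plus one invented eth0 line so the filter has something to ignore), and it prints a minimal ruleset in the iptables-save format that /etc/sysconfig/iptables uses, the file Craig's `service iptables save` writes, with loopback and established traffic accepted explicitly before the DROP policies bite.

```shell
#!/bin/sh
# Added example (not from the original thread): triage netfilter log lines
# of the kind quoted above and show the shape of the ruleset that
# "service iptables save" writes to /etc/sysconfig/iptables.
# SAMPLE_LOG is constructed, modelled on the quoted lines with the
# MailScanner noise removed; the third line is an invented eth0 drop.

SAMPLE_LOG='Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22436 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 21 02:02:29 Promaster kernel: fp=INVALID:1 a=DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=16436 TOS=0x00 PREC=0x00 TTL=64 ID=22438 DF PROTO=TCP SPT=32768 DPT=6009 WINDOW=8192 RES=0x00 ACK PSH URGP=0
Dec 21 02:02:30 Promaster kernel: fp=INVALID:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.15.50 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

# Count DROPped packets that arrived on the loopback interface (stdin -> count).
# Loopback drops during boot are the symptom to look for: with a default
# DROP policy and no "-i lo -j ACCEPT" rule, local daemons that talk to
# each other over 127.0.0.1 never get an answer.
count_lo_drops() {
    awk '/a=DROP/ && /IN=lo / { n++ } END { print n + 0 }'
}

# List the distinct destination ports of the dropped loopback packets
# (stdin -> one port per line), to see which local service was cut off.
lo_drop_ports() {
    awk '/a=DROP/ && /IN=lo / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DPT=/) { sub(/^DPT=/, "", $i); print $i }
         }' | sort -un
}

# Emit a minimal filter table in iptables-save format, which is what
# /etc/sysconfig/iptables holds. Loopback and established traffic are
# accepted explicitly, so the DROP policies only bite on new inbound
# connections. The quoted fragment set the policies with no such rules.
minimal_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Sanity check on a saved ruleset read from stdin: succeeds only when the
# filter table carries an explicit loopback ACCEPT in INPUT.
has_lo_accept() {
    grep -q -- '^-A INPUT -i lo -j ACCEPT$'
}

# Stand-alone run: report on the sample log and verify the ruleset.
printf 'loopback drops in sample log: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_lo_drops)"
printf 'dropped loopback destination ports: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | lo_drop_ports | tr '\n' ' ')"
if minimal_ruleset | has_lo_accept; then
    echo 'ruleset accepts loopback: ok'
else
    echo 'ruleset does NOT accept loopback' >&2
fi
```

To use the check against a real box, feed it the saved file (`has_lo_accept < /etc/sysconfig/iptables`) and the log (`count_lo_drops < /var/log/messages`); a non-zero loopback drop count together with a missing lo rule is exactly the combination that produces a boot that completes in the log but stalls on the console.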