Results 1 to 5 of 5

Thread: Does Cpanel overwrite iptables?

  1. #1
    Registered User
    Join Date
    Oct 2005
    Posts
    3

    Question Does Cpanel overwrite iptables?

    I'm not a neophyte when it comes to iptables, but this behavior has me crosseyed. I edit my iptables to allow port 8080 availability. I iptable-save it to the /etc/sysconfig/iptables file. Within a days time period my rule is gone from iptables. If I restart the service, it pulls the rules correctly from sysconfig and my port is there.. again it dissapears.

    I have been hunting through the system for a mechanism which cleans the rules and just can't put my finger on it, but since cpanel is the only culprit i have not had extended experience on I feel it is something within it. The rest of the services on this centos4 box are just mambo and tomcat.

    I've seen others point out this iptables-dropping issue but all the responses echo back to AFP and I don't need AFP, I just need these rules to stay and not get pruned during runtime.

    Clues & Comments welcome!

    -a

  2. #2
    Registered Member This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,499

    Default

    A couple of ideas:

    1. Do you have WHM > Tweak Security > SMTP Tweak > enabled? If so, it adds iptables rules to limit who can connect to port 25 and may be the cause

    2. If you're using an RH derivative OS, have you got the rpm that includes lokkit installed (redhat-config-securitylevel-tui I think)? If so, you might want to remove it

    Lastly, you should check that your modifications are indeed being saved to /etc/sysconfig/iptables
    Jonathan Michaelson

    cPanel Server Configuration, Security and Antivirus/AntiSpam Services
    http://www.configserver.com

  3. #3
    Registered User
    Join Date
    Oct 2005
    Posts
    3

    Default

    Three good ideas to look into, and unfortunatly all come up null.

    SMTP Tweaks are not enabled.
    lokkit & derrivitives are not installed
    & yes /etc/sysconfig/iptables contains the entries that should be there.

    It is so very strange. On a fresh boot, once the system is loaded my iptables changes are not online. I literally have to restart iptables and it auto-loads the /etc/sysconfig/iptables file, but for the life of me I don't know why it's not on-boot. Nor can I fathom whats causing it to revert while running. I've just never witnessed behavior such as this. It's always been more binary, it works, or it doesnt, and for straight forward reasons.

    Any other suggestions?

  4. #4
    Registered User
    Join Date
    Oct 2005
    Posts
    3

    Wink

    somfabiz..

    Looks like the hosting provider that installed cpanel also installed apf but I was not aware. This has got to be the culprit. If this doesn't fix I'll tag the thread again but I'm betting apf is controlling the game.

    Thanks for the brainpower.

    -a

  5. #5
    Registered Member This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,499

    Default

    Aha! If you stop and disable APF, be aware that there's a daily cron job that restarts it in /etc/cron.daily/fw
    Jonathan Michaelson

    cPanel Server Configuration, Security and Antivirus/AntiSpam Services
    http://www.configserver.com

Similar Threads

  1. cPanel Package Changes Overwrite Quota?
    By heyjohnboy in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 07-01-2010, 03:42 PM
  2. Unzipping using Cpanel to Overwrite Files
    By mealto in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 07-16-2007, 10:04 AM
  3. cPanel Overwrite antivirus.exim?
    By HostIt in forum cPanel & WHM Discussions
    Replies: 7
    Last Post: 10-05-2006, 08:51 AM
  4. Cpanel will not overwrite existing dns entries anymore.
    By DWHS.net in forum cPanel & WHM Discussions
    Replies: 13
    Last Post: 07-20-2005, 10:58 PM
  5. Prevent cPanel update to overwrite some files
    By ericlkh in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 06-15-2003, 11:14 AM
bargain