Does Cpanel overwrite iptables?

ciordia9 · Oct 11, 2005

I'm not a neophyte when it comes to iptables, but this behavior has me crosseyed. I edit my iptables to allow port 8080 availability. I iptable-save it to the /etc/sysconfig/iptables file. Within a days time period my rule is gone from iptables. If I restart the service, it pulls the rules correctly from sysconfig and my port is there.. again it dissapears.

I have been hunting through the system for a mechanism which cleans the rules and just can't put my finger on it, but since cpanel is the only culprit i have not had extended experience on I feel it is something within it. The rest of the services on this centos4 box are just mambo and tomcat.

I've seen others point out this iptables-dropping issue but all the responses echo back to AFP and I don't need AFP, I just need these rules to stay and not get pruned during runtime.

Clues & Comments welcome!

-a

chirpy · Oct 11, 2005

A couple of ideas:

1. Do you have WHM > Tweak Security > SMTP Tweak > enabled? If so, it adds iptables rules to limit who can connect to port 25 and may be the cause

2. If you're using an RH derivative OS, have you got the rpm that includes lokkit installed (redhat-config-securitylevel-tui I think)? If so, you might want to remove it

Lastly, you should check that your modifications are indeed being saved to /etc/sysconfig/iptables

ciordia9 · Oct 12, 2005

Three good ideas to look into, and unfortunatly all come up null.

SMTP Tweaks are not enabled.
lokkit & derrivitives are not installed
& yes /etc/sysconfig/iptables contains the entries that should be there.

It is so very strange. On a fresh boot, once the system is loaded my iptables changes are not online. I literally have to restart iptables and it auto-loads the /etc/sysconfig/iptables file, but for the life of me I don't know why it's not on-boot. Nor can I fathom whats causing it to revert while running. I've just never witnessed behavior such as this. It's always been more binary, it works, or it doesnt, and for straight forward reasons.

Any other suggestions?

ciordia9 · Oct 12, 2005

somfabiz..

Looks like the hosting provider that installed cpanel also installed apf but I was not aware. This has got to be the culprit. If this doesn't fix I'll tag the thread again but I'm betting apf is controlling the game.

Thanks for the brainpower.

-a

chirpy · Oct 12, 2005

Aha! If you stop and disable APF, be aware that there's a daily cron job that restarts it in /etc/cron.daily/fw

Thread starter	Similar threads	Forum	Replies	Date
C	Does cPanel Offer Free Certificate and does it work?	Security	4	Sep 26, 2022
W	log4j CVE-2021-44228, does it affect Cpanel?	Security	23	Dec 10, 2021
G	Does cpanel aware your license server network 184.94.192.0/20 was hijacked yesterday?	Security	1	Oct 1, 2020
D	Where does cPanel add the Content-Security-Policy (CSP) header?	Security	3	Jun 15, 2020
N	Does cPanel query RemoteBlackList for cPHulk?	Security	1	Sep 9, 2019

Search

Search

Does Cpanel overwrite iptables?

ciordia9

Registered

chirpy

Well-Known Member

ciordia9

Registered

ciordia9

Registered

chirpy

Well-Known Member