IPTables Mess

Discussion in 'General Discussion' started by aseymour, Apr 14, 2012.

  1. aseymour

    Hello,

    I noticed my server recently upgraded to 11.32.2 (build 18). During that process, it somehow managed to block access to everything through IPTables. After removing the offending rule there are still issues with certain ports still being blocked. I was told it was down to IPTables not being saved correctly (I hadn't modified it in any way and all those rules were from the initial WHM setup). Is there any reason why this would have happened?

    Thanks!
     
  2. JayFromEpic

    That's very strange. Worst case scenario, you can just do an "iptables -F" and start fresh. Just make sure to "service iptables save" when you're done.
     
  3. aseymour

    Yeah - does WHM rebuild or build IPTables at any point? Say, if I did do iptables -F would WHM build that back up? My concern is it'd remove some rules that have been added.
     
  4. minosjl

    Do you have CSF installed on your server?
     
  5. aseymour

    I don't believe I have CSF installed.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Hello,

    You can check for CSF and/or APF using the following:

    Code:
    whereis csf
    whereis apf

    As for this happening, did the machine reboot recently? If you've restarted the machine and didn't save any firewall changes during the install process that you might have made, then the initial iptables rules will still be in effect on reboot. I know some people who have added the ports needed, never saved them with "service iptables save" and then months or years later reboot the machine, reloading the original rules. The default RedHat firewall rules do not have the necessary ports opened.

    Thanks!
     
  7. aseymour

    I don't seem to have CSF or APF but it's my understanding that cPanel doesn't actually change/modify IPTables? If this is true, then it's the rules that my host added to the server (server has only been online for 16 days) and didn't save - however, this means that while updating to BUILD 18 either cPanel cleared the rules or restarted the server as SSH was also lost during this. Any insight from people would be greatly appreciated.

    Thanks!
     
  8. JayFromEpic

    cPanel will never touch your iptables for obvious security reasons and everyone's setup is different.

    What are you referring to as SSH was lost?
     
  9. padani

    Hi,

    Have you had a word with your server provider? They might be able to help. cPanel never ever behaves like this.
     
  10. JayFromEpic

    cPanel is designed not to allow this to happen. cPanel does have the ability to make those sort of changes itself without an addon script.
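
Added example, not part of any forum post: cPanelTristan's reply above describes ports opened at the command line but never written with "service iptables save", so a reboot reloads the older saved file. The script below lists such live-but-unsaved rules by comparing an iptables-save dump with the saved file; the function names and sample rules are constructed for illustration, and /etc/sysconfig/iptables is assumed as the RedHat default path.

```sh
#!/bin/sh
# Added example (not from the thread): list rules that are live in the kernel
# but absent from the file restored at boot, i.e. rules a reboot would drop.

# Reduce iptables-save output to "table: rule" lines; comments, chain
# policies, COMMIT and leading "[pkts:bytes]" counters are ignored.
normalize_rules() {
    awk '{ sub(/^\[[0-9]+:[0-9]+\][ \t]*/, ""); sub(/[ \t\r]+$/, "") }
         /^\*/  { table = substr($0, 2); next }
         /^-A / { print table ": " $0 }'
}

# unsaved_rules RUNNING_DUMP SAVED_FILE -> rules present only in RUNNING_DUMP
unsaved_rules() {
    tmp_saved=$(mktemp) || return 2
    normalize_rules < "$2" > "$tmp_saved"
    # grep exits 1 when nothing differs; that is not an error here
    normalize_rules < "$1" | grep -Fxv -f "$tmp_saved" || true
    rm -f "$tmp_saved"
}

# Constructed sample data: the saved file only allows SSH; ports 80 and
# 2087 (WHM over SSL) were opened by hand later and never saved.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/saved" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$dir/running" <<'EOF'
*filter
:INPUT DROP [812:49230]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2087 -j ACCEPT
COMMIT
EOF
    unsaved_rules "$dir/running" "$dir/saved"
    rm -rf "$dir"
}
demo

# On a live RedHat-style server (as root), assuming the default path:
#   iptables-save > /tmp/running.rules
#   unsaved_rules /tmp/running.rules /etc/sysconfig/iptables
```

Any line it prints is a rule that exists only in memory; empty output means the running ruleset adds nothing beyond what the saved file will restore at boot.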
     