Where is the documentation for portsentry and iptables firewall rules in the most cur

Discussion in 'General Discussion' started by jteerman, Jan 6, 2010.

  1. jteerman

    We have been using a rule set for a couple of years with no issue with cPanel. Since the upgrade to 11.25, something has been disabling the iptables firewall implemented on our network infrastructure. Does cPanel have documentation for these services so we can adapt our long-established firewall rules to be compatible with whatever has been recently implemented in cPanel 11.25?

    Thanks!
     
  2. jteerman

    service portsentry and iptables restarts not in cron

    Additionally, we've done the following to determine what mechanism is causing this issue. We have an identically-configured server running centos5.4: both installed within the past week, the only difference being the one we're concerned about also has cpanel/whm 11.25 installed through the prescribed method.

    root@cpanelhost [~]# chkconfig --list | grep ip
    ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off

    root@cpanelhost [~]# chkconfig --list | grep ports
    portsentry 0:off 1:off 2:off 3:off 4:off 5:off 6:off

    Because this process / service / implementation has been disabling our designed firewall, we chmod-ded /etc/init.d/iptables 000:
    root@cpanelhost [~]# ls -lrt /etc/init.d/ | grep iptables
    ---------- 1 root root 7460 Nov 2 07:18 iptables

    This service has now been throwing the following error with subject line at 3, 23, and 43 minutes after the hour:
    Subject: Cron <root@cpanelhost> /sbin/service portsentry restart >/dev/null && /sbin/service iptables restart >/dev/null
    iptables: unrecognized service

    root@cpanelhost [~]# grep -E 'portsentry|iptables' -rl /var/spool/cron
    root@cpanelhost [~]# crontab -l | grep -E 'portsentry|iptables'

    There are no references in /etc/crontab or any other cronjob entries to jobs that start at 3, 23, and 43 minutes after the hour, but we're quite positive it is a cpanel cronjob that is doing this.

    Our custom firewall runs fine. The only rules in existence that we have not flushed are the following:
    Chain acctboth (0 references)
    pkts bytes target prot opt in out source destination
    99 5927 tcp -- !lo * www.xxx.yyy.zzz 0.0.0.0/0 tcp dpt:80
    62 10583 tcp -- !lo * 0.0.0.0/0 www.xxx.yyy.zzz tcp spt:80

    What causes this job to run? How do we disable it as we consider deploying additional cpanel hosts? Where is the documentation for the portsentry implementation on whm/cpanel 11.25?
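
Added example (not part of the original post, and not cPanel's code): the greps in the post search /var/spool/cron and root's crontab by command name. This bash example searches by schedule instead, covering /etc/crontab and /etc/cron.d as well and matching the same schedule whether it is written as `3,23,43` or `3-59/20`. The function names and fixture files are hypothetical, and the three standard cron locations are assumed.

```bash
#!/usr/bin/env bash
# Added example. Function names and fixture files are hypothetical.

# Expand one cron minute field (lists, ranges, steps, *) into sorted minutes.
expand_minutes() {
    local part m lo hi step parts out=()
    local re='^(\*|([0-9]+)(-([0-9]+))?)(/([0-9]+))?$'
    IFS=',' read -ra parts <<< "$1"
    for part in "${parts[@]}"; do
        [[ $part =~ $re ]] || return 1   # comments, VAR=value, @reboot, ...
        if [[ ${BASH_REMATCH[1]} == '*' ]]; then lo=0; hi=59
        else lo=$((10#${BASH_REMATCH[2]})); hi=$((10#${BASH_REMATCH[4]:-$lo})); fi
        step=$((10#${BASH_REMATCH[6]:-1}))
        (( step > 0 )) || return 1
        for ((m = lo; m <= hi && m <= 59; m += step)); do out+=("$m"); done
    done
    printf '%s\n' "${out[@]}" | sort -nu | xargs
}

# Print "file: entry" for each cron line under ROOT that fires exactly at the
# minutes in WANT (space-separated, ascending). ROOT="" scans the live system.
find_cron_by_minutes() {
    local root=$1 want=$2 f line min rest mins
    for f in "$root"/etc/crontab "$root"/etc/cron.d/* "$root"/var/spool/cron/*; do
        [[ -f $f ]] || continue
        while IFS= read -r line || [[ -n $line ]]; do
            read -r min rest <<< "$line"
            mins=$(expand_minutes "$min") || continue
            [[ $mins == "$want" ]] && printf '%s: %s\n' "$f" "$line"
        done < "$f"
    done
    return 0
}

# Constructed fixture tree; it makes no claim about where cPanel keeps its jobs.
demo() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/etc/cron.d" "$root/var/spool/cron"
    echo '01 * * * * root run-parts /etc/cron.hourly' > "$root/etc/crontab"
    echo '3-59/20 * * * * root /sbin/service portsentry restart >/dev/null' \
        > "$root/etc/cron.d/constructed-example"
    printf '%s\n' 'MAILTO=root' '*/20 * * * * /bin/true' \
        '43,3,23 * * * * /bin/true' > "$root/var/spool/cron/root"
    find_cron_by_minutes "$root" '3 23 43' | sed "s|^$root||"
    rm -rf "$root"
}

demo
```

On a live host, `find_cron_by_minutes "" '3 23 43'` run as root reads the real cron files.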
     