

My own IP keeps getting added to iptables rules




Posted by t325, 05-15-2007, 10:17 AM
I had csf firewall installed, and due to my own stupidity, attempted to log in with the wrong password one too many times, which added my IP to iptables, locking me out. I had to SSH into a Linux box at school, and then SSH into my server to stop the iptables service so I could get into my server. I removed every trace of my IP that I could find in csf, but sometime in the middle of the night, iptables reloads some rules from somewhere that blocks me again. I also tried doing iptables -F to clear all rules, but again, sometime in the middle of the night, rules are reloaded and I get blocked. I even uninstalled csf to no avail. I just want to remove my IP once and for all. Please help as this is extremely annoying.

Posted by The3bl, 05-15-2007, 11:08 AM
Log into the server and add your IP to the csf allow list. That way it will not block it any longer.

Posted by SparkSupport, 05-15-2007, 11:19 AM
Even after uninstalling csf, your IP still getting blocked is really weird. Check all the crons on the server for any scripts that deal with the firewall.

Posted by Calibur747, 05-15-2007, 11:47 AM
Yeah, also try looking into /etc/sysconfig and see if there are any iptables files that might be getting reloaded. From there, remove any sign of your IP and DROP on the same line.

Posted by sirius, 05-15-2007, 12:35 PM
Moved to Technical and Security Issues.... Sirius

Posted by jmcgon, 05-15-2007, 02:03 PM
csf stores its configuration files in /etc/csf/ by default

Posted by t325, 05-15-2007, 09:46 PM
Nothing in the cron that seems out of the ordinary: Before, after doing iptables -F, I forgot to do service iptables save (or whatever that save command was). I just did that now, so we'll see what happens tomorrow morning

Posted by david510, 05-16-2007, 07:42 AM
After saving iptables, restart iptables and type iptables -L to see if any rule is present.

Posted by t325, 05-17-2007, 10:54 AM
It's still happening. I can flush, save and list and no rules are there, but sometime in the middle of the night, the rules are updated with my IP. Is there any way to just completely disable iptables?

Posted by Calibur747, 05-17-2007, 03:21 PM
I wouldn't suggest disabling iptables...perhaps you have APF installed and it continually re-writes the rules for iptables? Perhaps check /etc/apf/conf.apf and see if anything in there is against your IP. To temporarily disable iptables while you are working, do 'service iptables stop' and when you are ready to re-activate, enter 'service iptables start' .

Posted by page-zone, 05-17-2007, 04:14 PM
Sending commands to iptables isn't a good idea if csf is installed, especially iptables -F, as it sometimes locks up the network. Don't know why but it does. If you get locked out, try logging in from a different IP (another server perhaps), and run /usr/sbin/csf -l to see if your IP is on the list. Or right now type /usr/sbin/csf -h and get a list of all the commands. Just typing csf -h will work too. It can also be uninstalled with cd /etc/csf ; sh uninstall.sh and reinstalled with the install.sh script. Uninstalling it and reinstalling it might fix it. Also might want to look around and see how many iptables binaries you have lying around: updatedb -U / or updatedb, then locate iptables

Posted by Scott.Mc, 05-17-2007, 04:44 PM
That if there's rules there specifically for the network only. ####### It's possible the cron is still running; check /var/spool/cron/root, /etc/cron.d, /etc/cron.daily, /etc/cron.hourly, /etc/crontab
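
Added example, not part of the thread and not csf or APF code: a shell audit of the locations the posters name (/etc/csf, /etc/apf, the iptables files in /etc/sysconfig, and the cron paths) for lines that still carry the blocked IP, plus a list of cron entries that touch the firewall. The function names and the ROOT prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is an assumed prefix argument so the
# audit can run on a backup copy or test tree; it defaults to the live "/".

# Print the paths named in the thread that exist under ROOT ($1).
# $2 = "cron" limits the list to the cron locations.
audit_paths() {
    root=${1%/}; kind=${2:-all}
    set -- "$root/var/spool/cron/root" "$root/etc/cron.d" "$root/etc/cron.daily" \
           "$root/etc/cron.hourly" "$root/etc/crontab"
    [ "$kind" = cron ] || set -- "$@" "$root/etc/csf" "$root/etc/apf" \
           "$root"/etc/sysconfig/iptables*
    for p in "$@"; do
        [ -e "$p" ] && printf '%s\n' "$p"
    done
    return 0
}

# Print file:line:text for each whole-token occurrence of IP ($1) under ROOT ($2).
# -F treats the dots literally; -w keeps 203.0.113.7 from matching 203.0.113.70.
find_ip_refs() {
    ip=$1
    audit_paths "${2:-/}" | while IFS= read -r p; do
        grep -rHFwn -- "$ip" "$p" 2>/dev/null || :
    done
}

# Print non-comment cron lines under ROOT ($1) that mention a firewall tool:
# candidates for the nightly job that puts the rules back.
cron_firewall_jobs() {
    audit_paths "${1:-/}" cron | while IFS= read -r p; do
        grep -rHnE -- 'iptables|csf|apf' "$p" 2>/dev/null || :
    done | grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' || :
}

# Usage: sh audit.sh IP [ROOT]   (run as root to read /var/spool/cron/root)
if [ $# -ge 1 ]; then
    echo "== references to $1 =="
    find_ip_refs "$1" "${2:-/}"
    echo "== cron lines touching the firewall =="
    cron_firewall_jobs "${2:-/}"
fi
```

Any file it reports is a place the address can be reloaded from after a flush; an empty result for every path points at something outside these locations.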


