Re: IPTables doesn't restart

Nathaniel Hall wrote:
I am running an RHAS3 firewall with IPTables. When I restart IPTables, I get kicked out of my SSH session and everybody around campus gets kicked out of telnet. Once I have been kicked out, I cannot re-login via SSH.

FWIW, I believe that is the "expected" behavior. That is, shutting down IP tables on a firewall closes the drawbridge tight.


I prefer to use shorewall for management of my firewall. It has a feature called "routestopped" that keeps a route open to specific IPs when the firewall is shut down. This allows you to maintain access from a remote location to do maintenance.

Regards,
Ed

Oh, just in case you are interested...  http://www.shorewall.net


When I get to the local console of the firewall, I am able to login with no prob and restart IPTables with all succeeds and everything goes back to normal. I took a look at /var/log/messages and here is what I get:


/Start of IPTables restart/
Dec 7 14:58:44 cs-fw iptables: succeeded
Dec 7 14:58:44 cs-fw last message repeated 2 times
Dec 7 14:58:44 cs-fw sshd(pam_unix)[21325]: session closed for user root
Dec 7 15:03:29 cs-fw login(pam_unix)[16534]: session opened for user root by LOGIN(uid=0)
Dec 7 15:03:29 cs-fw -- root[16534]: ROOT LOGIN ON tty1
Dec 7 15:03:32 cs-fw kernel: ip_tables: (C) 2000-2002 Netfilter core team
Dec 7 15:03:32 cs-fw kernel: ip_conntrack version 2.1 (8191 buckets, 65528 max) - 304 bytes per conntrack
Dec 7 15:03:32 cs-fw iptables: succeeded
Dec 7 15:03:32 cs-fw iptables: succeeded
/End of second IPTables restart/


Any ideas?


-- "A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools."

--Ford Prefect in "Mostly Harmless".
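
The idea behind keeping a route open to specific IPs while the firewall is stopped, sketched as an added example (not part of the original message and not Shorewall's own code): a shell function that emits a default-DROP ruleset in iptables-restore format with ACCEPT rules only for listed admin hosts. The function names, the interface eth0 and the documentation-range addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a "stopped" ruleset that drops everything except
# traffic to/from a short list of admin hosts on one interface.
# Output is iptables-restore format; nothing is applied by this script.

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix,
# so a host argument can never smuggle extra iptables options into a rule.
valid_host() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: stopped_ruleset IFACE HOST [HOST...]
stopped_ruleset() {
    iface=$1
    [ $# -gt 0 ] && shift
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    [ $# -gt 0 ] || { echo "need at least one admin host" >&2; return 1; }
    for h in "$@"; do
        valid_host "$h" || { echo "bad host: $h" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
    for h in "$@"; do
        printf '%s\n' "-A INPUT -i $iface -s $h -j ACCEPT" "-A OUTPUT -o $iface -d $h -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Constructed sample values: one admin workstation and one admin subnet.
stopped_ruleset eth0 192.0.2.10 198.51.100.0/24
```

The output can be reviewed and then loaded with iptables-restore; the rules are stateless, so they do not depend on connection tracking being loaded.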

--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list
