Richard Creighton wrote:
> asus:~ # crontab -e -u root
>
> 15 11 * * * /root/OFF.sh
> 11 22 * * * /root/ON.sh
>
> :wq
>
> asus:~ # cat OFF.sh
> #!/bin/bash
> iptables -I OUTPUT -s 0/0 -p tcp --dport 80 -j DROP
>
> done manually
> asus:~ # ./OFF.sh
> asus:~ # iptables -L -n | less
> ...
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELAT
>
> done automatically by cron
> /var/log/messages
> asus:~ # tailf /var/log/messages
> Nov 28 11:10:16 asus crontab[27601]: (root) REPLACE (root)
> Nov 28 11:10:16 asus crontab[27601]: (root) END EDIT (root)
> Nov 28 11:11:01 asus /usr/sbin/cron[10805]: (root) RELOAD (tabs/root)
> Nov 28 11:15:01 asus /usr/sbin/cron[27624]: (root) CMD (/root/OFF.sh )
>
> asus:~ # iptables -L -n | less
> ...
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELAT
>
>
> When I execute OFF.sh manually, IPTABLES turns off port 80 outbound as I
> desire to prevent outbound access on the browser. The listing verifies
> that the OUTPUT chain is updated and in fact the browser cannot access
> anything. So far, so good.
>
> At 11:15, the messages log shows that cron executed the OFF.sh shell as
> the crontab entries for root commanded but the iptables dump for the
> OUTPUT section is unchanged and there is no interruption in outbound
> access. Why would this not work from cron but work manually? BTW, it
> makes no difference if the command is run from a script or directly from
> the cron line after the time. It gets logged as if it is executing but
> does not affect iptables but the exact same command cut-and-paste as a
> command works as expected. What dumb am I overlooking? As a test, I
> had it ECHO to a file in my user account and it did create the files so
> the root crontab file actually does something, it just doesn't affect
> iptables.

Might iptables not be in the PATH for the cron job?

-Jeff

--
Jeff Mahoney
SUSE Labs
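
One way to check the PATH question raised in the reply, as an added example that is not part of the original thread: resolve a command under a cron-style environment and make a cron-run script fail loudly when the tool is missing. The function names and the `CRON_PATH` and `SAFE_PATH` values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: cron starts jobs with a
# minimal PATH such as this one; check crontab(5) for your system's default.
CRON_PATH="/usr/bin:/bin"
# Assumption: a PATH a root cron script could pin to reach admin tools.
SAFE_PATH="/usr/sbin:/sbin:/usr/bin:/bin"

# Print the absolute path $1 resolves to when PATH is $2.
# Returns 1 if it is not found as an external command there.
resolve_under_path() (
    PATH="$2"
    found=$(command -v "$1" 2>/dev/null) || exit 1
    case "$found" in
        /*) printf '%s\n' "$found" ;;
        *)  exit 1 ;;   # builtin, function or relative hit: not usable
    esac
)

# Run "$@" the way a cron job would see it: emptied environment and
# PATH=$CRON_PATH. Returns 127 with a message when the command is missing,
# instead of the job failing where nobody is looking.
run_like_cron() {
    if ! bin=$(resolve_under_path "$1" "$CRON_PATH"); then
        echo "run_like_cron: '$1' not found in PATH=$CRON_PATH" >&2
        return 127
    fi
    shift
    env -i PATH="$CRON_PATH" "$bin" "$@"
}

# For use at the top of a cron-run script: print the tool's absolute path
# from SAFE_PATH, or return 127 with a message on stderr.
require_tool() {
    resolve_under_path "$1" "$SAFE_PATH" || {
        echo "require_tool: '$1' not found in $SAFE_PATH" >&2
        return 127
    }
}

# Usage inside a script like OFF.sh (comment only, nothing runs here):
#   IPT=$(require_tool iptables) || exit 1
#   "$IPT" -I OUTPUT -s 0/0 -p tcp --dport 80 -j DROP
```

Sourcing this as root and running `run_like_cron iptables -L -n` shows whether the command resolves under the assumed cron PATH without waiting for the next scheduled run.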
