Re: [qmailtoaster] Easy IP Tables question
Scott Hughes wrote:
> What is the proper way to add a rule to the firewall that will survive a reboot of the QMT server? When I installed Pyzor onto my server, I had to open a hole in the firewall in order for it to work properly. I did this by adding the rule to the firewall.sh script. Now, when the server reboots, I have to run the firewall.sh script to open that port back up.
>
> Here is what I put in the firewall.sh script:
>
> ## Allow pyzor communications (port 24441)
> iptables -A INPUT -p tcp -m udp --syn --dport 24441 -j ACCEPT
>
> Once I run the firewall.sh script, all is well ... until the next reboot, that is.
>
> Thanks,
> Scott

After you run firewall.sh, run the following command at the command line prompt:

#iptables save

---------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today!
---------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Easy IP Tables question
That's presuming that it is in the init scripts.

On 05/26/2010 02:46 PM, Eric Broch wrote:
> after you run firewall.sh run the following command at the command line prompt
> #iptables save

--
Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787 | fax 510.864.7300
http://yother.com
Re: [qmailtoaster] Easy IP Tables question
That's presuming that it is in the init scripts.

Ignore this moment of stupidity.

On 05/26/2010 02:46 PM, Eric Broch wrote:
> after you run firewall.sh run the following command at the command line prompt
> #iptables save

--
Cecil Yother, Jr.
Re: [qmailtoaster] Easy IP Tables question
I don't think it is in the init scripts, or it would remain after a reboot. How does one check the init scripts, please?

Thanks!

On 5/26/10 5:16 PM, Maxwell Smart wrote:
> That's presuming that it is in the init scripts.
>
> Ignore this moment of stupidity.
Re: [qmailtoaster] Easy IP Tables question
Scott,

Iptables is automatically loaded. You just need to save your addition to the iptables.

# iptables-restore /etc/sysconfig/iptables.save

Replace this with whatever your edited file name is. As Scott noted below, running the iptables-save once you've run the firewall.sh script will save the modified settings to the iptables too.

I had a brain fart; iptables is always started, it just may be empty and not block anything. Running the firewall script populates the iptables.

On 05/26/2010 03:15 PM, Scott Hughes wrote:
> I don't think it is in the init scripts, or it would remain after a reboot. How does one check the init scripts, please?
>
> Thanks!

--
Cecil Yother, Jr.
Re: [qmailtoaster] Easy IP Tables question
I guess what I am looking for is a file to check and make sure that everything with the firewall settings is starting at boot time. It seems that everything else in the firewall.sh script is starting at boot time, just not the Pyzor setting. Very strange.

Thanks,
Scott

On 5/26/10 5:36 PM, Maxwell Smart wrote:
> Scott,
>
> Iptables is automatically loaded. You just need to save your addition to the iptables.
>
> # iptables-restore /etc/sysconfig/iptables.save
>
> Replace this with whatever your edited file name is. As Scott noted below, running the iptables-save once you've run the firewall.sh script will save the modified settings to the iptables too.
>
> I had a brain fart; iptables is always started, it just may be empty and not block anything. Running the firewall script populates the iptables.
Re: [qmailtoaster] Easy IP Tables question
Not at all strange. If you reboot and

# cat iptables

you'll find it's not present. If you then run the firewall.sh script and then

# cat iptables

it will be present, and then by running

# iptables-save

it will be saved as iptables and will be live after the next reboot.

On 05/26/2010 03:55 PM, Scott Hughes wrote:
> I guess what I am looking for is a file to check and make sure that everything with the firewall settings is starting at boot time. It seems that everything else in the firewall.sh script is starting at boot time, just not the Pyzor setting. Very strange.
>
> Thanks,
> Scott

--
Cecil Yother, Jr.
Re: [qmailtoaster] Easy IP Tables question
Thanks for the assistance everyone. When I did the save command, I still did not see the line I listed below. I realized that it was completely wrong (syntax).

What I had was:

iptables -A INPUT -p tcp -m udp --syn --dport 24441 -j ACCEPT

What it should have been to work properly is:

iptables -A INPUT -p udp -m udp --dport 24441 -j ACCEPT

Thanks again,
Scott

On 5/26/10 6:18 PM, Maxwell Smart wrote:
> Not at all strange. If you reboot and
>
> # cat iptables
>
> you'll find it's not present. If you then run the firewall.sh script and then
>
> # cat iptables
>
> it will be present, and then by running
>
> # iptables-save
>
> it will be saved as iptables and will be live after the next reboot.
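
The mismatch Scott identifies in his final message (`-p tcp` combined with `-m udp` and `--syn`) can be caught before a firewall script is run and saved. The following is an added example, not part of the original thread or of the QMT firewall.sh; the names `lint_rule`, `lint_rules` and `SAMPLE_RULES` are hypothetical, and the port 25 rule in the sample is constructed.

```shell
#!/bin/bash
# Added example: flag iptables commands whose -p protocol disagrees with the
# protocol match module (-m tcp / -m udp) or that use --syn without -p tcp.

# Constructed sample: the two rules quoted in the thread plus one made-up rule.
SAMPLE_RULES='## Allow pyzor communications (port 24441)
iptables -A INPUT -p tcp -m udp --syn --dport 24441 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 24441 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT'

# lint_rule RULE: prints "ok" or the reason; returns 0 if consistent, 1 if not.
lint_rule() {
    local proto="" match="" syn=0 prev="" word reason=""
    set -f                              # split on whitespace without globbing
    for word in $1; do
        case "$prev" in
            -p|--protocol) proto="$word" ;;
            -m|--match)    case "$word" in tcp|udp) match="$word" ;; esac ;;
        esac
        [ "$word" = "--syn" ] && syn=1
        prev="$word"
    done
    set +f
    if [ -n "$proto" ] && [ -n "$match" ] && [ "$proto" != "$match" ]; then
        reason="-p $proto conflicts with -m $match"
    elif [ "$syn" -eq 1 ] && [ "$proto" != "tcp" ]; then
        reason="--syn only applies to -p tcp"
    fi
    if [ -n "$reason" ]; then echo "$reason"; return 1; fi
    echo "ok"
}

# lint_rules: reads a firewall script on stdin, prints each bad iptables line,
# and returns 1 if any was found.
lint_rules() {
    local rc=0 line reason
    while IFS= read -r line; do
        case "$line" in iptables\ *) ;; *) continue ;; esac
        if ! reason=$(lint_rule "$line"); then
            echo "BAD: $line  ($reason)"
            rc=1
        fi
    done
    return "$rc"
}

printf '%s\n' "$SAMPLE_RULES" | lint_rules || echo "fix the lines above, then save"
```

To check a real script, feed it on stdin, for example `lint_rules < firewall.sh`, before running it and saving the resulting rules.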