How can i start iptables in kloxo Mr

[bb53]

Dear Sir

How can i start iptables in kloxo Mr?

i use Centos 5.9 x64 and php53u + suphp event

I want to block bad ip in iptables

but i can't use iptables file and iptables start in service menu

Thank you

[Spacedust]

/etc/init.d/iptables start

[chrisf]

iptables - first light green - second red.  It will always display that way - probably iptables IS running.  If you need help configuring the rules i can help.  Check under processes.

[MRatWork]

Installing Kloxo-MR will be rename /etc/sysconfig/iptables and ip6tables to iptables.kloxosave and ip6tables.kloxasave if exists.

Purpose for renamed them because 'default' rules only permit access via port 22 (ssh) and then it make website, ftp, mail and Kloxo-MR panel unreachable.

You can rename to original name and modified rules.

[bb53]

iptables - first light green - second red.  It will always display that way - probably iptables IS running.  If you need help configuring the rules i can help.  Check under processes.

Yes it's right.

Installing Kloxo-MR will be rename /etc/sysconfig/iptables and ip6tables to iptables.kloxosave and ip6tables.kloxasave if exists.

Purpose for renamed them because 'default' rules only permit access via port 22 (ssh) and then it make website, ftp, mail and Kloxo-MR panel unreachable.

You can rename to original name and modified rules.

I just rename iptables to iptables.kloxosave right and add block ip in iptables.kloxosave

[bb53]

[root@xmlvps ~]#  service iptables start
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]

[bb53]

I rename to iptables and modified but in service menu State red light

[Spacedust]

Same to me

[MRatWork]

Learn about how to set iptables rule. Kloxo/Kloxo-MR not setup for this rule.

Rule of iptables exist in /etc/sysconfig/iptables and ip6tables (not iptables.conf and ip6tables.conf). Rename iptables.kloxosave (if exists) or create the new one for enable iptables.

[Spacedust]

Learn about how to set iptables rule. Kloxo/Kloxo-MR not setup for this rule.

Rule of iptables exist in /etc/sysconfig/iptables and ip6tables (not iptables.conf and ip6tables.conf). Rename iptables.kloxosave (if exists) or create the new one for enable iptables.

Iptables works for me without problems so why Kloxo is reporting is a RED ?

[bb53]

I create file iptables.klxosave

[root@xmlvps ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]




and i rename to iptables

[root@xmlvps ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: Bad argument `iptables'
Error occurred at line: 33
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]

[MRatWork]

Look like something wrong with iptables. See 'Applying iptables firewall rules: Bad argument `iptables', Error occurred at line: 33'

[bb53]

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7777 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7778 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7779 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT <------------------30

code in iptables

[root@xmlvps ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore v1.3.5: no command specified
Error occurred at line: 30
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]

[bb53]

use iptables not use iptables.kloxosave?

[bb53]

status red light in service menu but it's enable in this status right

i don;t knowleadge about iptables

Thank you very much

[root@xmlvps ~]#  service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:7777
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:7778
15   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited