How to recover firewall config


Jerry Shenk

May 25, 2012, 2:50:01 PM5/25/12
to security-onion
I messed up the firewall on my SO box. I wanted to add a rule to
enable tcp port 80 for cacti but I wasn't sure that was the problem so
I just ran an "iptables -F" to flush all the rules. Well, that broke
everything so I looked up my notes and found that "ufw allow 80/tcp"
is what I really want to allow the port 80 traffic. I then did a "ufw
reset" thinking that would restart the firewall. Well, it reset the
firewall to some kind of default so now everything is allowed. Cacti
works fine now;) ...but I'd really like to turn the firewall back on
like it was when it was originally set up. Anybody know how I can do
that?

Scott

May 25, 2012, 3:07:38 PM5/25/12
to securit...@googlegroups.com
Hey Jerry.

You could do a default SO install in a VM, then check the FW config there and adjust yours to match. There's probably an easier way but that's the first thing that came to mind for me.

Scott

Jerry Shenk

May 25, 2012, 3:19:25 PM5/25/12
to security-onion
Where is the firewall config? Most of my linux boxes are RedHat/
Fedora so I typically modify the /etc/sysconfig/iptables file. That's
how I got into this predicament... I didn't verify what I was doing
before I did it. If you know where those files are, I can do just
what you said; that seems easy enough. Actually, I suppose I should
be able to find a startup file that will point to those files.

Jerry Shenk

May 25, 2012, 3:23:54 PM5/25/12
to security-onion
It looks like there is a backup that "ufw reset" made so that in the
event the operator was too stupid to understand the process first, the
damage can be undone by just copying the files over the old ones. I
think I'll check this out a little first but that looks like the deal.

Jerry Shenk

May 25, 2012, 3:28:47 PM5/25/12
to security-onion
The only change is ufw.conf. Mine now reads:

# /etc/ufw/ufw.conf
#

# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=no

# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=low

I think "ENABLED" should be set to "yes". Will try that and report
back... changing one word is easy enough to back out;)

Jerry Shenk

May 25, 2012, 3:51:33 PM5/25/12
to security-onion
There is also a /lib/ufw directory that saved a few files for
me... user.rules and user6.rules. Just copied them back in place,
rebooted and now I'm back in business.

It's almost the weekend... gonna try to not blow myself up again;)
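The recovery Jerry walks through across the posts above (find the copies "ufw reset" left behind, put them back over the reset versions, and make sure ufw.conf says ENABLED=yes) can be scripted so the restore is checked before anything is overwritten. The script below is an added example, not code from the thread or from the ufw or Security Onion projects. It assumes that "ufw reset" names each backup by appending a timestamp of the form YYYYMMDD_HHMMSS to the original file name in the same directory (ufw.conf, user.rules, user6.rules and the before/after rule files), and it takes the directory as an argument so it can be tried on a copy of /etc/ufw or /lib/ufw first. The sample directory it builds at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example: locate and restore the timestamped backups that
# "ufw reset" leaves beside the originals. Assumption: backups are
# named "<file>.<YYYYMMDD_HHMMSS>" in the same directory as <file>.

# Print "original newest-backup" pairs, one per line, for each ufw
# file in the directory that has at least one timestamped backup.
ufw_list_backups() {
    dir="$1"
    for f in ufw.conf user.rules user6.rules before.rules before6.rules after.rules after6.rules; do
        # Sort lexically: the YYYYMMDD_HHMMSS suffix sorts in time order.
        latest=$(ls -1 "$dir/$f".[0-9]*_[0-9]* 2>/dev/null | sort | tail -n 1)
        if [ -n "$latest" ]; then
            echo "$dir/$f $latest"
        fi
    done
}

# Copy each newest backup over the reset version. The reset version is
# kept as "<file>.pre-restore" so the restore itself can be undone.
ufw_restore_backups() {
    dir="$1"
    ufw_list_backups "$dir" | while read -r orig backup; do
        if [ -f "$orig" ]; then
            cp -p "$orig" "$orig.pre-restore"
        fi
        cp -p "$backup" "$orig"
    done
}

# Print the value of ENABLED= from a ufw.conf (what ufw reads at boot).
ufw_conf_enabled() {
    grep -E '^ENABLED=' "$1" | tail -n 1 | cut -d= -f2
}

# Demo on a constructed directory that mimics /etc/ufw after a reset:
# the live files are the defaults, the timestamped copies are the
# pre-reset configuration. Run with a real path instead to do it for real.
demo_dir=$(mktemp -d)
printf 'ENABLED=no\nLOGLEVEL=low\n' > "$demo_dir/ufw.conf"
printf 'ENABLED=yes\nLOGLEVEL=low\n' > "$demo_dir/ufw.conf.20120525_152354"
printf '*filter\nCOMMIT\n' > "$demo_dir/user.rules"
printf '*filter\n-A ufw-user-input -p tcp --dport 22 -j ACCEPT\nCOMMIT\n' \
    > "$demo_dir/user.rules.20120525_152354"

echo "Backups found:"
ufw_list_backups "$demo_dir"
echo "ENABLED before restore: $(ufw_conf_enabled "$demo_dir/ufw.conf")"
ufw_restore_backups "$demo_dir"
echo "ENABLED after restore:  $(ufw_conf_enabled "$demo_dir/ufw.conf")"
diff "$demo_dir/user.rules.pre-restore" "$demo_dir/user.rules" || true
rm -rf "$demo_dir"
```

Run it against a copy of the directory first (`cp -a /etc/ufw /tmp/ufw-check` and point the functions at that), compare the diff output with what you expect, and only then run the restore on the real directory and `ufw enable`. The `.pre-restore` copies mean a wrong guess about which backup is the good one costs nothing but a second copy.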