w00t chain vanishing ?!

Portal Home > Knowledgebase > Articles Database > w00t chain vanishing ?!

Posted by Cameleon, 01-11-2010, 01:14 AM
I got problem with w00t dfinder scans on my server so i was trying with fail2ban but seems to have some problems using it decided i could use IPTables itself. So there it is code: I wonder why after some time i get no chains with iptables -L w00t -nvx command ? Does anyone know ?
Posted by Cameleon, 01-11-2010, 11:20 AM
full description for this is: w00tw00t.at.isc.sans.dfind it seems that iptables does not hold chains, why is that?
Posted by DigitalLinx, 01-11-2010, 02:56 PM
Is this a VPS or a dedicated (physical) server?
Posted by madaboutlinux, 01-12-2010, 06:15 AM
You have to save the iptable rules once you execute the script, did you do that? Once the script is executed, save iptable rules by executing: Now, the rules/chains will remain intact even after a reboot. Make sure you do that every time you add some new rules.
Posted by Cameleon, 01-12-2010, 09:03 AM
I got Dedicated server. Ok i will try to save IPtables. Strange thing is that i can't find that chain after couple hours - from wheen executing this script. Not after reboot itself.
Posted by madaboutlinux, 01-12-2010, 12:12 PM
It's not just the server reboot but a restart of the iptables service also removes the chains/rules that are not saved.
Posted by Cameleon, 01-13-2010, 09:29 PM
Thx, it is working.
Posted by Cameleon, 01-18-2010, 11:23 PM
Well not quite yet there, could be that APF is reseting my chain and after night theres no chain ?
Posted by khunj, 01-19-2010, 12:26 AM
Yes probably. If I remember well, it has a variable named "DEVEL_MODE" or "DEBUG_MODE" that will flush iptables every 5mn or so. You need to find it and disable it.
Posted by Cameleon, 01-19-2010, 08:34 AM
Yep but that option is for testing after you install APF in my case this is disabled. But still seems IPTABLES does not hold this rule.

Add to Favourites Print this Article