Portal Home > Knowledgebase > Articles Database > w00t chain vanishing ?!
w00t chain vanishing ?!
Posted by Cameleon, 01-11-2010, 01:14 AM |
I got problem with w00t dfinder scans on my server so i was trying with fail2ban but seems to have some problems using it decided i could use IPTables itself.
So there it is code:
I wonder why after some time i get no chains with
iptables -L w00t -nvx
command ?
Does anyone know ?
|
Posted by Cameleon, 01-11-2010, 11:20 AM |
full description for this is: w00tw00t.at.isc.sans.dfind
it seems that iptables does not hold chains, why is that?
|
Posted by DigitalLinx, 01-11-2010, 02:56 PM |
Is this a VPS or a dedicated (physical) server?
|
Posted by madaboutlinux, 01-12-2010, 06:15 AM |
You have to save the iptable rules once you execute the script, did you do that? Once the script is executed, save iptable rules by executing:
Now, the rules/chains will remain intact even after a reboot. Make sure you do that every time you add some new rules.
|
Posted by Cameleon, 01-12-2010, 09:03 AM |
I got Dedicated server.
Ok i will try to save IPtables.
Strange thing is that i can't find that chain after couple hours - from wheen executing this script. Not after reboot itself.
|
Posted by madaboutlinux, 01-12-2010, 12:12 PM |
It's not just the server reboot but a restart of the iptables service also removes the chains/rules that are not saved.
|
Posted by Cameleon, 01-13-2010, 09:29 PM |
Thx, it is working.
|
Posted by Cameleon, 01-18-2010, 11:23 PM |
Well not quite yet there, could be that APF is reseting my chain and after night theres no chain ?
|
Posted by khunj, 01-19-2010, 12:26 AM |
Yes probably. If I remember well, it has a variable named "DEVEL_MODE" or "DEBUG_MODE" that will flush iptables every 5mn or so.
You need to find it and disable it.
|
Posted by Cameleon, 01-19-2010, 08:34 AM |
Yep but that option is for testing after you install APF in my case this is disabled. But still seems IPTABLES does not hold this rule.
|
Add to Favourites Print this Article
Also Read