SUSE Firewall rules disappearing on FW restart

We’ve been getting hit with a lot of Syn floods recently and I’ve been trying to add some iptable rules to try and mitigate the flood but I find that if I restart the firewall the rules are removed.

Commands used from :http://www.cyberciti.biz/tips/linux-iptables-10-how-to-block-common-attack.html

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

If I run [COLOR="#0000CD"]iptables --list[/COLOR] I see the new rules but as soon as the firewall is restarted they disappear. Anyway to stop this from happening ? I restart the firewall through yast.

Thanks

Rules put in place by the ‘iptables’ command are implemented immediately,
but are only in memory so they are only as persistent as of right now.
When you restart the firewall it flushes everything and builds from
more-permanent settings in the Firewall configuration stuff stored in
/etc/sysconfig/SuSEfirewall2 which is probably how you should try to drop
things initially assuming there is a directive in there which meets your
needs (create a backup of the file before tinkering in there, of course).

Inside that file you may find something like this:

Code:

Type: string

25.)

Do you want to load customary rules from a file?

This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!

READ THE EXAMPLE CUSTOMARY FILE AT

/etc/sysconfig/scripts/SuSEfirewall2-custom

#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""

If you set this to something and then put your iptables commands in there
I think your firewall restarts will cause those rules to be executed and
you’ll keep your settings. I’ve not tried this in quite a while, so
proceed with caution and some tinkering may be in order. Let us know how
it goes, please.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

On 07/02/2014 19:06, ab wrote:
[color=blue]

Rules put in place by the ‘iptables’ command are implemented immediately,
but are only in memory so they are only as persistent as of right now.
When you restart the firewall it flushes everything and builds from
more-permanent settings in the Firewall configuration stuff stored in
/etc/sysconfig/SuSEfirewall2 which is probably how you should try to drop
things initially assuming there is a directive in there which meets your
needs (create a backup of the file before tinkering in there, of course).

Inside that file you may find something like this:

Code:

Type: string

25.)

Do you want to load customary rules from a file?

This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!

READ THE EXAMPLE CUSTOMARY FILE AT

/etc/sysconfig/scripts/SuSEfirewall2-custom

#FW_CUSTOMRULES=“/etc/sysconfig/scripts/SuSEfirewall2-custom”
FW_CUSTOMRULES=“”

If you set this to something and then put your iptables commands in there
I think your firewall restarts will cause those rules to be executed and
you’ll keep your settings. I’ve not tried this in quite a while, so
proceed with caution and some tinkering may be in order. Let us know how
it goes, please.[/color]

My approach is to save custom firewall rules via “iptables-save >
/etc/iptables.local” and then add “iptables-restore -c <
/etc/iptables.local” to /etc/init.d/local so they get load at server
startup.

HTH.

Simon
SUSE Knowledge Partner


If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.