ASL Firewall and iptables

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
CRServers
Forum User
Posts: 54
Joined: Wed Jul 04, 2012 7:44 am
Location: Costa Rica

Hello ASL staff and expert members,

We have been trying to disable iptables from our system with no success.

According to ASL documentation at: https://www.atomicorp.com/wiki/index.ph ... leshooting
"Disable iptables
Do not run the iptables service with ASL. It is redundant and will cause conflicts. Run these commands to disable iptables:
service iptables stop
chkconfig --del iptables"

and further down:

"Third party firewall products
ASL is not supported with third party firewall products. You must remove these products, and remove any firewall rules configured on the system by these tools before installing or using ASL."

So to comply with this, we want to disable iptables completely, but every time we stop iptables it restarts again after a short while.

Additionally, the Interworx staff has determined that there is a conflict with the operation of the Cluster Balancer and the ASL firewall that needs to be resolved, as the Balancer becomes unresponsive at times and only flushing the firewall rules makes it come back.

But it seems that ASL is interacting with iptables:
]# service iptables status
Table: raw
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination

Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ASL-ACTIVE-RESPONSE all -- 202.142.223.231 0.0.0.0/0
2 ASL-ACTIVE-RESPONSE all -- 186.176.18.206 0.0.0.0/0
3 ASL-ACTIVE-RESPONSE all -- 188.143.232.111 0.0.0.0/0
4 ASL-ACTIVE-RESPONSE all -- 178.137.163.82 0.0.0.0/0
5 ASL-ACTIVE-RESPONSE all -- 202.174.114.86 0.0.0.0/0
6 ASL-ACTIVE-RESPONSE all -- 173.44.37.226 0.0.0.0/0
7 ASL-ACTIVE-RESPONSE all -- 64.151.226.153 0.0.0.0/0
8 ASL-ACTIVE-RESPONSE all -- 122.155.166.6 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain ASL-ACTIVE-RESPONSE (8 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
So, could you clarify the documentation on this topic:
Does ASL need iptables?

And if not, how do you turn it off for good?

Thanks,
Rodrigo Fernández
http://www.crservers.com
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: ASL Firewall and iptables

It does not need iptables the service (chkconfig iptables off). It does use /sbin/iptables the command.
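
An added example, not code from the thread or from Atomicorp: since ASL inserts its rules with the /sbin/iptables command, they show up in the listing even with the iptables service disabled, and a short script can separate them from rules left by other tools. The sample listing is constructed, the function names are hypothetical, and treating every chain named `ASL-*` as ASL-managed is an assumption based on the one chain name shown in the question.

```shell
#!/bin/sh
# Added example: split a `service iptables status` style listing into rules
# tied to ASL- chains and everything else.

# Constructed sample listing (documentation addresses, not taken from the thread).
sample_listing() {
cat <<'EOF'
Table: filter
Chain INPUT (policy ACCEPT)
num  target               prot opt source        destination
1    ASL-ACTIVE-RESPONSE  all  --  192.0.2.10    0.0.0.0/0
2    ASL-ACTIVE-RESPONSE  all  --  198.51.100.7  0.0.0.0/0
3    ACCEPT               tcp  --  0.0.0.0/0     0.0.0.0/0   tcp dpt:22

Chain FORWARD (policy ACCEPT)
num  target               prot opt source        destination

Chain ASL-ACTIVE-RESPONSE (2 references)
num  target               prot opt source        destination
1    DROP                 all  --  0.0.0.0/0     0.0.0.0/0
EOF
}

# Reads a listing on stdin and prints "table chain asl_rules other_rules"
# for every chain that holds at least one rule.
classify_rules() {
  awk '
    BEGIN { table = "filter" }            # plain `iptables -L` prints no Table: line
    $1 == "Table:" { table = $2; next }
    $1 == "Chain"  { chain = $2; next }
    $1 ~ /^[0-9]+$/ {                     # numbered rule line
      key = table " " chain
      if (!(key in seen)) { seen[key] = 1; order[++n] = key }
      # Assumption: chains named ASL-* belong to ASL; a rule counts as ASL
      # when it jumps to such a chain or lives inside one.
      if ($2 ~ /^ASL-/ || chain ~ /^ASL-/) asl[key]++; else other[key]++
    }
    END { for (i = 1; i <= n; i++) { k = order[i]; print k, asl[k] + 0, other[k] + 0 } }
  '
}

# Total number of rules in the listing that are not tied to an ASL- chain.
foreign_rule_count() {
  classify_rules | awk '{ s += $4 } END { print s + 0 }'
}

sample_listing | classify_rules
```

On a live host the same functions can read `service iptables status` or `iptables -L -n --line-numbers` on stdin; a non-zero result from `foreign_rule_count` points at rules that did not come from an ASL- chain.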