
ASL Firewall and iptables

Posted: Wed Oct 30, 2013 5:19 pm
by CRServers
Hello ASL staff and expert members,

We have been trying to disable iptables from our system with no success.

According to ASL documentation at: https://www.atomicorp.com/wiki/index.ph ... leshooting
Disable iptables
Do not run the iptables service with ASL. It is redundant and will cause conflicts. Run these commands to disable iptables:
service iptables stop
chkconfig --del iptables
and further down:
Third party firewall products
ASL is not supported with third party firewall products. You must remove these products, and remove any firewall rules configured on the system by these tools before installing or using ASL.
So to comply with this, we want to disable iptables completely, but every time we stop iptables it restarts again after a short while.

Additionally, the Interworx staff has determined that there is a conflict with the operation of the Cluster Balancer and the ASL firewall that needs to be resolved, as the Balancer becomes unresponsive at times and only flushing the firewall rules makes it come back.

But it seems that ASL is interacting with iptables:
]# service iptables status
Table: raw
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination

Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ASL-ACTIVE-RESPONSE all -- 202.142.223.231 0.0.0.0/0
2 ASL-ACTIVE-RESPONSE all -- 186.176.18.206 0.0.0.0/0
3 ASL-ACTIVE-RESPONSE all -- 188.143.232.111 0.0.0.0/0
4 ASL-ACTIVE-RESPONSE all -- 178.137.163.82 0.0.0.0/0
5 ASL-ACTIVE-RESPONSE all -- 202.174.114.86 0.0.0.0/0
6 ASL-ACTIVE-RESPONSE all -- 173.44.37.226 0.0.0.0/0
7 ASL-ACTIVE-RESPONSE all -- 64.151.226.153 0.0.0.0/0
8 ASL-ACTIVE-RESPONSE all -- 122.155.166.6 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain ASL-ACTIVE-RESPONSE (8 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
So, could you clarify the documentation on this topic:
Does ASL need iptables?

And if not, how do you turn it off for good?

Thanks,

Re: ASL Firewall and iptables

Posted: Wed Oct 30, 2013 7:52 pm
by scott
It does not need iptables the service (chkconfig iptables off). It does use /sbin/iptables the command.
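
The distinction in the reply above (the iptables init service versus rules loaded through the /sbin/iptables command) can be checked from captured command output. The following is an added example, not part of the original thread and not Atomicorp code. It assumes the usual `chkconfig --list iptables` line format and the `service iptables status` layout shown in the first post; both sample inputs are constructed.

```python
import re
from collections import Counter

# Constructed sample inputs (documentation-range addresses, not from the post).
CHKCONFIG_LIST = "iptables       \t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off"
STATUS = """\
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ASL-ACTIVE-RESPONSE all -- 192.0.2.10 0.0.0.0/0
2 ASL-ACTIVE-RESPONSE all -- 198.51.100.7 0.0.0.0/0

Chain ASL-ACTIVE-RESPONSE (2 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
"""

def enabled_runlevels(chkconfig_line):
    """Runlevels in which the iptables init script is switched on."""
    pairs = re.findall(r"(\d):(on|off)", chkconfig_line)
    return [int(level) for level, state in pairs if state == "on"]

def parse_status(text):
    """Return (rules, user_chains). rules: (table, chain, target, source) tuples;
    user_chains: 'table/chain' -> reference count declared in the chain header."""
    rules, user_chains, table, chain = [], {}, None, None
    for line in text.splitlines():
        if m := re.match(r"Table: (\S+)", line):
            table = m.group(1)
        elif m := re.match(r"Chain (\S+) \((.*)\)", line):
            chain = m.group(1)
            # Built-in chains show "(policy X)"; user-defined ones "(N references)".
            if ref := re.match(r"(\d+) references", m.group(2)):
                user_chains[f"{table}/{chain}"] = int(ref.group(1))
        elif m := re.match(r"\d+\s+(\S+)\s+\S+\s+\S+\s+(\S+)", line):
            rules.append((table, chain, m.group(1), m.group(2)))
    return rules, user_chains

def report(chkconfig_line, status_text):
    """Separate 'is the init service enabled' from 'are rules loaded in the kernel'."""
    rules, user_chains = parse_status(status_text)
    jumps = Counter(f"{t}/{target}" for t, _, target, _ in rules)
    return {
        "service_enabled_in": enabled_runlevels(chkconfig_line),
        "rules_loaded": len(rules),
        # per user-defined chain: (jump rules observed, references declared)
        "user_chains": {c: (jumps[c], n) for c, n in user_chains.items()},
    }
```

An empty `service_enabled_in` together with a non-zero `rules_loaded` matches the situation in the thread: the init service is off, and the rules in the user-defined chain were loaded by another program calling the iptables command.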