Re: Slink/ipchains trouble
On Thu, Sep 23, 1999 at 09:30:56PM -0700, nate wrote:
> I've never seen this before..
>
> Every few minutes something on one of my servers running Slink changes the
> default policy on input,output and foward to DENY. I ravaged through /etc
> to see if anything there was doing it, and didnt find anything, anyone
> know of a package that would/could do this? Nothing is in crontab ..i
> would remove ipchains totally but i need it for ipmasq ..the machine is
> firewalled already upstream so i dont need any special rules other then
> the masq one but cannot understand why the machine is doing it..nothing
> showing up in the logs..just one moment the policies are ACCEPT (set
> manually by me) and the next they are back to DENY. This machine acts as
> a DHCP server, a PPP server, DNS server and NTP server.
>
> any ideas?
Nevertheless, it looks like a cron treatment. But also could could come
from a PPP script (some are changing some files permission as soon as they're
up).
Check:
1- Is the time between reset policies a constant? (i.e. make 'ipchains -L'
every 10 sec.)
If so, it (strongly) may be part of a cron treatment (some scripts call
other scripts, who call other scripts... check all.)
2- If not, watch the log files (you could also, just for the test time, add
a '-l' to ALL of your ipchains lines, in order to keep an overall trace)
and check if the policies changes occurs when there's a PPP connection.
If so check all the PPP scripts.
3- If it is nothing of that, get naked, then run 12 times around your block,
while shouting: "M$ Windows is caca-poo"; it does nothing but keeps your
nerves down ;->
JY
--
Jean-Yves Barbier <jybarbier@wanadoo.fr>
Algol-60 surely must be regarded as the most important programming language
yet developed.
-- T. Cheatham
Reply to: