After a reboot of a Linux Enforce Server, users can no longer log in to the User Interface.
If they manually enter the port by logging in through https://<machine>:8443, the login works.
Following those assumptions, the first step in our process is to see if this iptables script is already set to automatically start when your system is rebooted. If it is, there's nothing else you'll have to do (except configure your firewall, of course).
You can check to see if the iptables script is already configured to automatically start by running this Linux chkconfig command:
chkconfig --list iptables
If your iptables firewall script is configured to restart properly, the chkconfig command output should look like this:
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
The most important values are the on values for the run levels 2, 3, 4, and 5. If your values are "on" as shown, and you followed the instructions in the article I linked to above, congratulations, your firewall should start up automatically after a reboot. Of course you need to test this, but at this point, things look fine.
However, if all your values are "off", iptables will not automatically start up after a reboot, and you should keep reading this article.
Assuming all of your values are off, you need to turn them "on" to get iptables running after a reboot. You turn these values on by running the following two chkconfig commands.
First, run the chkconfig --add command like this:
chkconfig --add iptables
As the chkconfig man page states, this option "adds a new service for management by chkconfig. When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel."
Next, you tell your Linux system that the iptables script should be run when the system gets to run levels 2 through 5 by issuing this chkconfig command:
chkconfig --level 2345 iptables on
Again, this command tells your Linux system that you want the iptables script to be run whenever the system goes into one of these runlevels. It is similar to you typing in this command manually every time your server starts up:
service iptables start
except that it's run automatically for you.
Now, if you run the chkconfig --list command again:
chkconfig --list iptables
your output should now look like this:
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
This is what you want to see: the "on" values in runlevels two through five.
Assuming that you configured your iptables firewall properly, you should now be ready to reboot your system. When you log in after the reboot and check your iptables firewall with a command like this:
iptables -L -v
you should see the expected output. (This output here will be different for different firewall configurations, so I'm not showing any output here.)
You can also run this command again to make sure you still see the same "on" results:
chkconfig --list iptables
As a quick point of reference, if you type chkconfig --help, you should see the following output:
# chkconfig --help
chkconfig version 1.3.30.1 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.

usage:   chkconfig --list [name]
         chkconfig --add <name>
         chkconfig --del <name>
         chkconfig [--level <levels>] <name> <on|off|reset|resetpriorities>
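The check-and-enable procedure above, written as one script. This is an added example, not part of the original article: the function names and sample lines are constructed for illustration, and the chkconfig commands are the ones shown in the article.

```shell
#!/bin/sh
# Added example (not from the original article): verify that a service is
# enabled in runlevels 2-5, using the chkconfig commands shown above.

# Constructed sample lines in the format of `chkconfig --list iptables`.
SAMPLE_ON='iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off'
SAMPLE_OFF='iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off'
SAMPLE_PARTIAL='iptables 0:off 1:off 2:on 3:on 4:off 5:on 6:off'

# missing_runlevels LINE [LEVELS]
# Prints the runlevels in LEVELS (default "2 3 4 5") that are not "on" in
# LINE; prints nothing when all of them are on. An empty LINE (service not
# listed) reports every level as missing.
missing_runlevels() {
    # chkconfig separates fields with tabs; normalise to spaces and pad both
    # ends so every field can be matched as " N:on ".
    norm=" $(printf '%s' "$1" | tr '\t' ' ') "
    levels=${2:-"2 3 4 5"}
    missing=""
    for lvl in $levels; do
        case "$norm" in
            *" $lvl:on "*) ;;
            *) missing="$missing$lvl" ;;
        esac
    done
    printf '%s' "$missing"
}

# ensure_on_boot [SERVICE]
# Hypothetical wrapper: runs the article's two chkconfig commands only when a
# runlevel is off, then re-reads the list. Returns 0 only if 2-5 are all on.
ensure_on_boot() {
    svc=${1:-iptables}
    off=$(missing_runlevels "$(chkconfig --list "$svc" 2>/dev/null)")
    if [ -n "$off" ]; then
        echo "$svc is not on in runlevel(s) $off; enabling" >&2
        chkconfig --add "$svc" || return 1
        chkconfig --level 2345 "$svc" on || return 1
    fi
    off=$(missing_runlevels "$(chkconfig --list "$svc" 2>/dev/null)")
    [ -z "$off" ]
}

# Demonstration on the constructed samples only; nothing on the host changes.
for s in "$SAMPLE_ON" "$SAMPLE_OFF" "$SAMPLE_PARTIAL"; do
    printf '%s -> off in: [%s]\n' "$s" "$(missing_runlevels "$s")"
done
```

Run `ensure_on_boot iptables` as root on the server; a non-zero return means at least one of runlevels 2-5 is still off.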