Remove IPtables entry Sophos XG

What is the best commands to list IPtables in a Sophos Firewall and also remove a MTU rule?

  • Hello Ben,

    Thank you for contacting the Sophos Community.

    You can use:

    #ipset -L (To list out all output of IPset tables)

    #ipset -L <set name> (To list out details about a particular set)

    #ipset -L | more (To show one page at a time)

    About the MTU rule, what is the command you used to set the MTU?

    Regards,

  • I have two different MTU settings for the same thing, just wanted to clean it up.

    Thanks,

  • iptables -t mangle -I POSTROUTING -d 172.19.0.0/16 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900

    is the command I'm looking at removing.

  • Hello Ben,

    You can run 

    # iptables -t mangle -D POSTROUTING -d 172.19.0.0/16 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900

    This will delete the entry (or entries) matching 172.19.0.0/16 in the POSTROUTING chain, so if you have two entries, for example:

    Chain POSTROUTING (policy ACCEPT 4 packets, 240 bytes)
    pkts bytes target prot opt in out source destination optimization
    0 0 TCPMSS tcp -- * * 0.0.0.0/0 172.19.0.0/16 - tcp flags:0x06/0x02 TCPMSS set 900
    0 0 TCPMSS tcp -- * * 0.0.0.0/0 172.19.0.0/16 - tcp flags:0x06/0x02 TCPMSS set 900

    Then this will delete both of them. Since they are duplicated, you can then just re-run the command:

    # iptables -t mangle -I POSTROUTING -d 172.19.0.0/16 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900

    Also check that the entries are not part of the startup script:

    # cat /scripts/system/clientpref/customization_application_startup.sh

    Regards,

  • Thanks Emmanuel for the response, if I want to add it in the startup.sh, what is the best way to do that?

    Thanks,

    Ben

  • Hello Ben,

    Enable editing of the startup script:

    mount -no remount,rw /

    Use vi to edit /scripts/system/clientpref/customization_application_startup.sh and add the lines. This should then look like:

    #!/bin/sh
    # Remove any existing copy of the rule first (errors if absent are ignored), then add it once.
    iptables -t mangle -D POSTROUTING -d 172.19.0.0/16 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900 2>/dev/null
    iptables -t mangle -I POSTROUTING -d 172.19.0.0/16 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900
    exit 0

    Save the changes and exit vi.

    Write-protect the startup script again:

    mount -no remount,ro /

    Note:

    In High Availability clusters the above will need to be applied on both nodes.

    Regards,
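An added example, not from this thread or from Sophos: a startup-script version of the rule above that first lists duplicate rules from a listing and then removes every copy before inserting exactly one, so it is safe to run on every boot and on both HA nodes. It assumes the firewall's iptables supports the -C (check) flag; the IPT variable, the function names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example, not taken from the thread. An idempotent form of the startup
# snippet: it removes every existing copy of the MSS clamp rule and then inserts
# exactly one, so running it on each boot (and on both HA nodes) never piles up
# duplicates. The rule is the one from the thread; IPT can be pointed at another
# binary for testing, and "iptables -C" (rule check) is assumed to be available.
IPT="${IPT:-iptables}"
RULE="POSTROUTING -d 172.19.0.0/16 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900"

# Constructed sample of "iptables -t mangle -S POSTROUTING" output showing the
# duplicate-rule situation described in the thread (not captured from a real box).
SAMPLE_LISTING='-P POSTROUTING ACCEPT
-A POSTROUTING -d 172.19.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900
-A POSTROUTING -d 172.19.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900
-A POSTROUTING -d 10.0.0.0/8 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400'

# Print every rule-spec line that appears more than once in a listing read from
# stdin, e.g.  iptables -t mangle -S POSTROUTING | find_duplicate_rules
find_duplicate_rules() {
    sort | uniq -d
}

# Count copies of the 172.19.0.0/16 clamp rule in a listing read from stdin.
# grep -c exits 1 when the count is 0, so force success to keep "0" as output.
count_mss_rules() {
    grep -c -- '-d 172\.19\.0\.0/16 .*-j TCPMSS --set-mss 900' || true
}

# -D deletes only the first matching rule per call, so loop until -C reports the
# rule absent, then insert a single copy at the top of the chain.
ensure_single_mss_rule() {
    while "$IPT" -t mangle -C $RULE 2>/dev/null; do
        "$IPT" -t mangle -D $RULE
    done
    "$IPT" -t mangle -I $RULE
}

# Review the constructed sample, then touch the live firewall only when asked:
#   sh ensure_mss.sh          -> prints the duplicated line from the sample
#   sh ensure_mss.sh apply    -> runs ensure_single_mss_rule (needs root)
printf '%s\n' "$SAMPLE_LISTING" | find_duplicate_rules
if [ "${1:-}" = "apply" ]; then
    ensure_single_mss_rule
fi
```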