Problem with leaks in IPTABLES firewall
by hkjz from LinuxQuestions.org on (#5GK87)
Hello,
there is something wrong with the firewall rules I made with IPTABLES.
When I load the system and load the rules to see them, I get this:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 217.23.1.184 anywhere
ACCEPT all -- 217.23.1.184 anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 217.23.1.184
ACCEPT all -- anywhere 217.23.1.184
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

However, when I reload the firewall rules by hand from the file, I am left with only this:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

To mitigate this problem I even used such a line in crontab:
@reboot cd /path/to/file/ && ./iptables_rules_file
but it did not help.
The first part is interesting, out of curiosity: I suspect that all these files are somehow connected to underlying system functions. Should I unlock them?
The second part with iptables is more concerning - especially '217.23.1.184', which is WorldStream B.V., probably a VPN provider. I recognize the name because it sometimes shows up in my VPN as well.
But in the iptables rules it comes out of nowhere.
I will do more tests with crontab and reboots and let you know the result.
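One check that helps with a listing like the one above, added here as an example and not part of the original post: plain `iptables -L` hides interfaces and resolves addresses to names, so a rule matching `-i lo` and a rule matching `-i eth0` both print as `ACCEPT all -- anywhere anywhere`; `iptables -L -v -n --line-numbers` or `iptables-save` shows every rule in full. Comparing the `iptables-save` output against the saved rules file then lists exactly which rules were added by something other than that file, and which host addresses they reference. The script below does that comparison on two constructed rule sets in iptables-save syntax, loosely modelled on the two listings in the post; the file path in the comment is an assumption, and in use the samples are replaced by real `iptables-save` output and the contents of the rules file.

```shell
#!/bin/sh
# Added example (not from the original post): compare the rules actually
# loaded in the kernel with the rules in the saved rules file, using the
# full iptables-save syntax so interfaces and addresses are visible.
#
# Both rule sets below are CONSTRUCTED samples, loosely modelled on the two
# listings in the post. In use, replace them with:
#   EXPECTED_RULES=$(cat /path/to/rules.v4)   # the saved rules file (assumed path)
#   ACTUAL_RULES=$(iptables-save)             # what is loaded right now
LC_ALL=C
export LC_ALL

EXPECTED_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-level 4
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT'

# The loaded set carries four rules the file never contained: an allow for a
# single host in both directions and a per-interface DROP. Under plain
# "iptables -L" the interface rules would print as "anywhere anywhere".
ACTUAL_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 217.23.1.184/32 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-level 4
-A INPUT -j DROP
-A OUTPUT -d 217.23.1.184/32 -j ACCEPT
-A OUTPUT -o eth0 -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT'

# Keep only rule lines (-A ...), drop chain policies, counters and COMMIT,
# and sort so the two sets can be compared regardless of rule order.
normalize() {
    printf '%s\n' "$1" | grep '^-A ' | sort -u
}

# Print every rule present in the second set but absent from the first.
# A '---' separator lets one awk pass build the "expected" set and then
# filter the "actual" set against it, without temp files.
unexpected_rules() {
    { normalize "$1"; echo '---'; normalize "$2"; } | awk '
        /^---$/       { second = 1; next }
        !second       { seen[$0] = 1; next }
        !($0 in seen) { print }'
}

# List the host addresses (-s/-d) referenced anywhere in a rule set, so an
# address that appears "out of nowhere" can be spotted and then looked up.
referenced_hosts() {
    printf '%s\n' "$1" | grep '^-A ' \
        | grep -oE -e '-[sd] [0-9.]+(/[0-9]+)?' \
        | awk '{ print $2 }' | sed 's#/32$##' | sort -u
}

echo "Rules loaded that are not in the rules file:"
unexpected_rules "$EXPECTED_RULES" "$ACTUAL_RULES"
echo
echo "Host addresses referenced by the loaded rules:"
referenced_hosts "$ACTUAL_RULES"
```

Running it at boot from the same crontab entry and mailing or logging the output gives a record of which rules were present before the rules file was applied, which is the information a plain `iptables -L` listing cannot provide.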