[opensuse] firewall question

I have:
  iptables -L |grep 45.114.11
  DROP       all  --  45.114.11.0/24       anywhere

Why do I see:
  2015-07-25T19:19:28.055414-04:00 wahoo kernel: [510252.903460] SFW2-INext-ACC-TCP IN=enp1s0 OUT= MAC=78:e3:b5:ad:f1:2f:84:61:a0:0c:2b:40:08:00 SRC=45.114.11.52 DST=192.168.1.3 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=27756 DF PROTO=TCP SPT=53959 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A666A23FA0000000001030307)

shouldn't I see:
  SFW2-INext-DROP-DEFLT IN

tks,
--
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
http://wahoo.no-ip.org        Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535                    @ http://linuxcounter.net
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

Hi Patrick,

Could you post all of the iptables rules for us to see?
iptables -L -v -n --line-numbers

Brandon Vincent

* Brandon Vincent (Student) <Brandon.Vincent@asu.edu> [07-25-15 23:33]:
> Hi Patrick,
>
> Could you post all of the iptables rules for us to see?
> iptables -L -v -n --line-numbers

http://wahoo.no-ip.org/~pat/iptables.rules.txt

tks,
--
(paka)Patrick Shanahan

On Sun, Jul 26, 2015 at 09:12:05AM -0400, Patrick Shanahan wrote:
> * Brandon Vincent (Student) <Brandon.Vincent@asu.edu> [07-25-15 23:33]:
> > Hi Patrick,
> >
> > Could you post all of the iptables rules for us to see?
> > iptables -L -v -n --line-numbers

Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target         prot opt in  out  source           destination
1    2473K  131M f2b-sshd-ddos  tcp  --  *   *    0.0.0.0/0        0.0.0.0/0     tcp dpt:22
2    2473K  131M f2b-sshd       tcp  --  *   *    0.0.0.0/0        0.0.0.0/0     tcp dpt:22
3    2835K 1071M ACCEPT         all  --  lo  *    0.0.0.0/0        0.0.0.0/0
4      10M 7655M ACCEPT         all  --  *   *    0.0.0.0/0        0.0.0.0/0     ctstate ESTABLISHED
5        4   296 ACCEPT         icmp --  *   *    0.0.0.0/0        0.0.0.0/0     ctstate RELATED
6    79315 7019K input_ext      all  --  *   *    0.0.0.0/0        0.0.0.0/0
7        0     0 LOG            all  --  *   *    0.0.0.0/0        0.0.0.0/0     limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
8        0     0 DROP           all  --  *   *    0.0.0.0/0        0.0.0.0/0
9        0     0 DROP           all  --  *   *    45.114.11.0/24   0.0.0.0/0

The order of rules is important. Your DROP line is after all other lines including the ACCEPT.

If you added this rule manually, you probably used -A (append to end) instead of the better -I (insert at top or number).

So add it with -I

Ciao, Marcus
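The rule-order point in the reply above, as an added example that is not part of the original thread: the script parses a listing in the `iptables -L -v -n --line-numbers` format and reports rules that sit behind an earlier catch-all terminal rule in the same chain, where they can never match. The sample listing is constructed from the rules posted in the thread; the function names are illustrative, and the parser assumes IPv4 and that every rule has a target.

```python
# Added example: find rules that can never match because a catch-all terminal
# rule precedes them in the same chain (iptables stops at the first match).
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
ANY_ADDR = "0.0.0.0/0"
# Constructed sample: the INPUT chain as posted in this thread,
# in the column layout of `iptables -L -v -n --line-numbers`.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 2473K 131M f2b-sshd-ddos tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 2473K 131M f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
3 2835K 1071M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 10M 7655M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
5 4 296 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
6 79315 7019K input_ext all -- * * 0.0.0.0/0 0.0.0.0/0
7 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
8 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
9 0 0 DROP all -- * * 45.114.11.0/24 0.0.0.0/0
"""

def parse_chain(listing):
    """Parse one chain of verbose, numeric, line-numbered iptables output."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].isdigit():
            continue  # chain header, column header or blank line
        rules.append({"num": int(f[0]), "target": f[3], "prot": f[4],
                      "in": f[6], "out": f[7], "src": f[8], "dst": f[9],
                      "extra": " ".join(f[10:])})
    return rules

def is_catch_all(rule):
    """True for a terminal rule with no selector: it decides every packet."""
    return (rule["target"] in TERMINAL and rule["prot"] == "all"
            and rule["in"] == "*" and rule["out"] == "*"
            and rule["src"] == ANY_ADDR and rule["dst"] == ANY_ADDR
            and not rule["extra"])

def shadowed_rules(rules):
    """Return (rule number, blocking rule number) for each unreachable rule."""
    blocker, hits = None, []
    for rule in rules:
        if blocker is not None:
            hits.append((rule["num"], blocker))  # listed after the catch-all
        elif is_catch_all(rule):
            blocker = rule["num"]
    return hits
```

On the sample, `shadowed_rules(parse_chain(SAMPLE))` reports rule 9 as blocked by rule 8, which matches the zero packet counters on the appended DROP.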

* Marcus Meissner <meissner@suse.de> [07-26-15 10:11]:
> On Sun, Jul 26, 2015 at 09:12:05AM -0400, Patrick Shanahan wrote:
> > * Brandon Vincent (Student) <Brandon.Vincent@asu.edu> [07-25-15 23:33]:
> > > Hi Patrick,
> > >
> > > Could you post all of the iptables rules for us to see?
> > > iptables -L -v -n --line-numbers
>
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target         prot opt in  out  source           destination
> 1    2473K  131M f2b-sshd-ddos  tcp  --  *   *    0.0.0.0/0        0.0.0.0/0     tcp dpt:22
> 2    2473K  131M f2b-sshd       tcp  --  *   *    0.0.0.0/0        0.0.0.0/0     tcp dpt:22
> 3    2835K 1071M ACCEPT         all  --  lo  *    0.0.0.0/0        0.0.0.0/0
> 4      10M 7655M ACCEPT         all  --  *   *    0.0.0.0/0        0.0.0.0/0     ctstate ESTABLISHED
> 5        4   296 ACCEPT         icmp --  *   *    0.0.0.0/0        0.0.0.0/0     ctstate RELATED
> 6    79315 7019K input_ext      all  --  *   *    0.0.0.0/0        0.0.0.0/0
> 7        0     0 LOG            all  --  *   *    0.0.0.0/0        0.0.0.0/0     limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
> 8        0     0 DROP           all  --  *   *    0.0.0.0/0        0.0.0.0/0
> 9        0     0 DROP           all  --  *   *    45.114.11.0/24   0.0.0.0/0
>
> The order of rules is important. Your DROP line is after all other lines including the ACCEPT.
>
> If you added this rule manually, you probably used -A (append to end) instead of the better -I (insert at top or number).
>
> So add it with -I

Thanks, done.
--
(paka)Patrick Shanahan
participants (3)
- Brandon Vincent (Student)
- Marcus Meissner
- Patrick Shanahan