… completely, even though other inserted rules allow connections to and from outside to specific ports.
The problem after migrating a webserver from Debian/Ubuntu to Gentoo is the following script:
First I delete the old rules via
-t nat -F
-t filter -F
-X
Then I define new rules:
-N garbage
-I garbage -p TCP
-I garbage -p UDP
-I garbage -p ICMP
Now comes the part that causes problems, the default policy:
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP
Then come some outgoing connections:
-I OUTPUT -o eth0 -p TCP --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-I INPUT -i eth0 -p TCP --sport 22 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
And some incoming connections:
-I INPUT -i eth0 -p TCP --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-I OUTPUT -o eth0 -p TCP --sport 22 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
On Ubuntu/Debian, the script runs fine. On my Gentoo box, it just shuts down the entire network with the 'default policy', even when I put that part at the very end of the script.
What I noticed when I saved the rules on both local Debian and Gentoo boxes is that Debian begins with the *filter section, then issues a COMMIT, then a *nat section follows with another COMMIT.
However, Gentoo's iptables begins with *raw, *nat and *mangle sections and a COMMIT, then the *filter section and another COMMIT.
Just realised… could it be because of a wrong interface (eth0/ifwhatever)? Or what is wrong with the script and/or iptables?
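For comparison, here is a lockout-resistant ordering of the same kind of rules, written as an added example rather than the poster's script: policies stay open while the chains are rebuilt, loopback and ESTABLISHED/RELATED traffic are accepted before anything else, and the DROP policies go on last. It assumes eth0 as the WAN interface, SSH on port 22, and a DRY_RUN switch (constructed here) that prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: WAN interface eth0,
# SSH on port 22, iptables in $PATH; DRY_RUN=1 prints commands instead of
# running them (applying for real needs root).
IPT="${IPT:-iptables}"
WAN="${WAN:-eth0}"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

apply_rules() {
    # 1. Open the policies while rebuilding, so a failure halfway through
    #    (e.g. a typo in a later rule) does not leave the box unreachable.
    run -P INPUT ACCEPT
    run -P OUTPUT ACCEPT
    run -P FORWARD ACCEPT
    run -t nat -F
    run -t filter -F
    run -X

    # 2. Loopback and already-established traffic first. A DROP policy with
    #    no loopback rule also breaks purely local services.
    run -A INPUT  -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT
    run -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. New connections. -A appends, so the order in the script is the
    #    order in the chain; -I would put each later rule in front.
    run -A INPUT  -i "$WAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    run -A OUTPUT -o "$WAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # 4. Only now tighten the default policies.
    run -P INPUT DROP
    run -P OUTPUT DROP
    run -P FORWARD DROP
}
# 1-based position of the first dry-run command matching $1, 0 if absent;
# useful for asserting the ordering before running the script as root.
rule_line() {
    n=$( ( DRY_RUN=1; apply_rules ) | grep -n -- "$1" | head -n 1 | cut -d: -f1 )
    echo "${n:-0}"
}
if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Run it with `DRY_RUN=1 sh script.sh apply` to review the exact command sequence, and only then as root with `sh script.sh apply`.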