
iptables blocking everything

Posted: Wed May 02, 2018 9:58 am
by zonathen
Something is changing iptables to block everything; when it's on I can't even ping Google from the server. This seems to happen with an autoshun from ASL. Is there a misconfiguration with ASL? How can I figure out what should be in the firewall and stop this from happening?

If I list out what's currently blocked, I get:


iptables -L INPUT -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    8   536 ASL-WHITELIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    8   536 ASL-WHITELIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    8   536 ASL-ACTIVE-RESPONSE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    8   536 ASL-UPDATES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    8   536 ASL-BLACKLIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    8   536 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ASL-TORTIXD-ACL  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:30000 ctstate NEW 
    0     0 ACCEPT     tcp  --  lo     *       0.0.0.0/0            0.0.0.0/0           tcp dpt:30000 ctstate NEW 
    0     0 ASL-GEO-BLACKLIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ASL-TOR    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ASL-OPENPROXIES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ASL-AUTOSHUN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ASL-EMERGING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       all  --  lo     *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ASL-CIARMY  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ASL-ELASSO  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ASL-LASSO  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ASL-DSHIELD  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID 
    0     0 ASL-Firewall-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0        
Thanks

Re: iptables blocking everything

Posted: Wed May 02, 2018 5:07 pm
by hostingg
Wrong command for outbound; run this instead:

iptables -L OUTPUT -v -n

Re: iptables blocking everything

Posted: Thu May 03, 2018 10:03 am
by zonathen
Thanks. Actually, both inbound and outbound are being blocked. Here is the output for outbound:


iptables -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            80.82.124.228       tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            80.82.124.228       tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.77.16        tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.77.16        tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.64.28        tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.64.28        tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.173.236      tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.173.236      tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.172.195      tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.208.172.195      tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            198.71.54.72        tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            198.71.54.72        tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            198.71.51.132       tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            198.71.51.132       tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            173.203.184.213     tcp dpt:80 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            173.203.184.213     tcp dpt:443 ctstate NEW,RELATED,ESTABLISHED 
    0     0 ASL-UPDATES  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 ctstate NEW 
    0     0 ASL-UPDATES  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 ctstate NEW 
47390 6827K ASL-BLACKLIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
47375 6830K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
  131 14312 ASL-GEO-BLACKLIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  163 18953 ASL-TOR    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  307 39695 ASL-OPENPROXIES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  387 51228 ASL-AUTOSHUN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  487 65668 ASL-EMERGING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  575 82851 ASL-CIARMY  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1287  185K ASL-ELASSO  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1335  192K ASL-LASSO  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1391  200K ASL-DSHIELD  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      !lo     0.0.0.0/0            0.0.0.0/0           ctstate INVALID 
    1    60 ASL-SPAMASSASSIN-UPDATES  all  --  *      *       0.0.0.0/0            0.0.0.0/0      

Re: iptables blocking everything

Posted: Mon May 07, 2018 7:18 pm
by mikeshinn
So what I see from that output is that the only rules you've selected that would block anything outbound are the third-party and user custom blacklists. Those rules will also log anything they block (unless logging has been disabled, but the default is to log everything). What events do you see in /var/log/messages when you cannot connect outbound?
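The thread ends before the log output is posted. As an added example (not ASL's code and not written by anyone in this thread), the script below does the two things the replies ask for: it parses the `iptables -L -v -n` listing format shown above and reports which DROP/REJECT rules have non-zero counters and which user-defined chains are actually receiving traffic, and it extracts the SRC/DST/DPT fields from the standard netfilter LOG-target lines in /var/log/messages so the blocked destinations can be matched back to a chain. The OUTPUT listing, the contents of the ASL-AUTOSHUN chain, the `ASL-AUTOSHUN: ` log prefix and the 192.0.2.10 / 198.51.100.7 addresses are all constructed for illustration; ASL's real chain contents and log prefix are not on this page.

```python
"""Locate the chain that is dropping traffic from an `iptables -L -v -n`
listing and match it to netfilter LOG lines in /var/log/messages.
Added example, not ASL code; the sample listing and log line are constructed."""
import re
import sys
from dataclasses import dataclass, field
from typing import Optional

# Targets that are not user-defined chains (so a jump to anything else is a chain).
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "NFLOG",
                   "MASQUERADE", "SNAT", "DNAT", "REDIRECT", "MARK", "CONNMARK"}
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")
COUNT_RE = re.compile(r"(\d+(?:\.\d+)?)([KMGT]?)")
LOG_RE = re.compile(r"kernel:\s*(?:\[[^\]]*\]\s*)?(.*?)\s*(IN=.*)$")


@dataclass
class Rule:
    pkts: int
    bytes_: int
    target: str
    proto: str
    in_if: str
    out_if: str
    source: str
    dest: str
    extra: str  # match options printed after the destination column


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains
    rules: list = field(default_factory=list)


def parse_count(token: str) -> int:
    """Expand the K/M/G abbreviations iptables -v uses for large counters.
    They are decimal multiples of an already rounded value, so the result
    is approximate for abbreviated counters (6827K -> 6827000)."""
    m = COUNT_RE.fullmatch(token)
    if not m:
        raise ValueError(f"bad counter: {token!r}")
    mult = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}[m.group(2)]
    return int(float(m.group(1)) * mult)


def parse_listing(text: str) -> dict:
    """Parse `iptables -L [chain] -v -n` output into {chain name: Chain}."""
    chains, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        if current is None or line.startswith("pkts "):
            continue  # column header
        # pkts bytes target prot opt in out source destination [options...]
        parts = line.split(None, 9)
        if len(parts) < 9:
            continue
        current.rules.append(Rule(parse_count(parts[0]), parse_count(parts[1]),
                                  parts[2], parts[3], parts[5], parts[6],
                                  parts[7], parts[8],
                                  parts[9] if len(parts) > 9 else ""))
    return chains


def drop_hits(chains: dict) -> list:
    """(chain name, rule) for every DROP/REJECT rule whose counter has moved."""
    return [(c.name, r) for c in chains.values() for r in c.rules
            if r.target in ("DROP", "REJECT") and r.pkts > 0]


def busy_jumps(chains: dict) -> list:
    """(chain, target, pkts) for jumps into user-defined chains that saw
    traffic; those are the chains to list individually next."""
    return [(c.name, r.target, r.pkts) for c in chains.values() for r in c.rules
            if r.target not in BUILTIN_TARGETS and r.pkts > 0]


def parse_netfilter_log(line: str) -> Optional[dict]:
    """Parse one kernel LOG-target line (`prefix IN=... OUT=... SRC=... DST=...`)
    into {"prefix": ..., "IN": ..., "SRC": ...}; flags like DF/SYN get ""."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {"prefix": m.group(1)}
    for tok in m.group(2).split():
        key, _, val = tok.partition("=")
        fields[key] = val
    return fields


def logged_drops(log_lines, prefix: str) -> list:
    """(SRC, DST, PROTO, DPT) for every log line carrying the chain's prefix."""
    out = []
    for line in log_lines:
        f = parse_netfilter_log(line)
        if f and f["prefix"] == prefix:
            out.append((f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("DPT")))
    return out


# Constructed sample in the page's listing format; not a real ASL ruleset.
SAMPLE_LISTING = """\
Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination
47390 6827K ASL-BLACKLIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0
47375 6830K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED
  387 51228 ASL-AUTOSHUN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      !lo     0.0.0.0/0            0.0.0.0/0           ctstate INVALID

Chain ASL-AUTOSHUN (2 references)
 pkts bytes target     prot opt in     out     source               destination
    3   180 LOG        all  --  *      *       0.0.0.0/0            198.51.100.7        LOG flags 0 level 4 prefix "ASL-AUTOSHUN: "
    3   180 DROP       all  --  *      *       0.0.0.0/0            198.51.100.7
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
# Constructed /var/log/messages line in the standard netfilter LOG format.
SAMPLE_LOG = ("May  3 10:01:12 host kernel: [12345.678] ASL-AUTOSHUN: IN= OUT=eth0 "
              "SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
              "ID=1234 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0")

if __name__ == "__main__":
    # Usage: iptables -L -v -n | python3 find_drops.py   (falls back to the sample)
    listing = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    chains = parse_listing(listing)
    for chain, target, pkts in busy_jumps(chains):
        print(f"{chain}: {pkts} pkts went into chain {target}")
    for chain, r in drop_hits(chains):
        print(f"{chain}: {r.target} {r.pkts} pkts {r.source} -> {r.dest} {r.extra}")
    for src, dst, proto, dpt in logged_drops([SAMPLE_LOG], "ASL-AUTOSHUN:"):
        print(f"logged by ASL-AUTOSHUN: {src} -> {dst} {proto}/{dpt}")
```

Counters in `-L -v -n` are cumulative since the rule was inserted, and ASL reloads its list chains at different times, so compare them only within one chain, not across the blacklist chains in the OUTPUT listing; `iptables -Z` followed by a failed connection attempt gives clean numbers. The log-line parser only sees the standard `IN=/OUT=/SRC=/DST=` fields, so the prefix string passed to `logged_drops` must be whatever ASL's LOG rules actually use on the host, which `iptables -L <chain> -v -n` shows in the `prefix` column.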