Atomicorp

During the night (CET) my server stopped responding on all ports. I naturally thought this was a firewall event because all other VMs on the server looked ok. I was able to log in via terminal and as soon as i reset iptables everything worked. I then started to suspect some of the blocklists. I removed them all and restored them one by one. When turning on "Dshield top attackers list" I was locked out again.

So, if you are experiencing this kind of trouble, try to remove the dshield blacklist.

Dshield blocks by the netblock (/24) rather than by the IP, so all it takes is for someone else on your segment to get your system as collatoral damage.

But should the server be unreachable from both the inside and the outside if it's blocked? Shouldn't whitelisting work? I could not reach the server from any computer and the server could not communicate with the internet.

When searching for IP:s in the block I cannot find any indication of them being blacklisted.

Blacklists are applied to input and output.