iptables changes suddenly by itself (SOLVED)

amiredx
Posts: 3
Joined: 2016/06/23 14:21:53

Post by amiredx » 2016/06/23 14:33:28

Hi
I have applied the following rules to my iptables:
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

but afterwards it changes to something like this:
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- 130.158.6.120 anywhere
DROP all -- a104-86-110-74.deploy.static.akamaitechnologies.com anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- !127.63.239.108 !127.20.164.105 icmp port-unreachable connmark match !0x643651f3
DROP tcp -- !127.118.196.105 !127.147.220.99 tcp spts:61001:65535 flags:RST/RST connmark match !0x776e9f8e


Applying the rules again and restarting was not effective, so I stopped some services: httpd, named, dovecot, squid, vncserver, proftpd, postfix.
Nothing changed. It's my first experience and I'm really scared of a rootkit. I tested some monitoring commands and rootkit scanners, but they show nothing.
Any suggestions are welcome.
Last edited by amiredx on 2016/06/24 22:48:23, edited 2 times in total.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables changes suddenly

Post by TrevorH » 2016/06/23 14:38:41

Do you have something like fail2ban running?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

amiredx
Posts: 3
Joined: 2016/06/23 14:21:53

Re: iptables changes suddenly

Post by amiredx » 2016/06/23 15:15:17

I know fail2ban is not installed. Could you guide me to similar software?

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: iptables changes suddenly

Post by Whoever » 2016/06/24 02:09:58

How did you update the rules and did you save them after updating?

amiredx
Posts: 3
Joined: 2016/06/23 14:21:53

Re: iptables changes suddenly

Post by amiredx » 2016/06/24 22:46:21

I found it! It's added to the OUTPUT chain filter by SoftEther VPN to enable SecureNAT. Indeed it's secure.

imort
Posts: 12
Joined: 2016/04/01 05:33:31

Re: iptables changes suddenly

Post by imort » 2016/07/02 10:19:07

amiredx wrote: I found it! It's added to the OUTPUT chain filter by SoftEther VPN to enable SecureNAT. Indeed it's secure.
I recently had exactly the same issue on one of my servers.
My first experience with SoftEther I believe :)

I'm not used to it; OpenVPN never ever adds any iptables rules to your server, so if it's not working then it's your own problem and you need to take a look at your iptables config. I'd even write an article about that, maybe it will be helpful for someone.
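
An added example, not part of any post in this thread and not SoftEther's own tooling: one way to notice rules that another program appends, by comparing a later `iptables -S` snapshot against a baseline saved right after applying your own rules. The function names and the sample rule text are constructed for illustration; the two extra rules are modelled on the listing in the first post.

```shell
#!/bin/sh
# Baseline: the first post's rules as `iptables -S` would print them (constructed).
# On a real host: iptables -S > /root/iptables.baseline
BASELINE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed later snapshot: baseline plus two rules shaped like the thread's listing.
CURRENT="$BASELINE
-A INPUT -s 130.158.6.120/32 -j DROP
-A OUTPUT ! -s 127.63.239.108/32 ! -d 127.20.164.105/32 -p icmp -m icmp --icmp-type 3/3 -m connmark ! --mark 0x643651f3 -j DROP"

# Print each line of the snapshot on stdin that is absent from the baseline file.
# Covers appended rules (-A), changed policies (-P) and new chains (-N).
# Rules removed from the baseline are not reported.
drift() {
    awk -v base="$1" '
        BEGIN { while ((getline line < base) > 0) seen[line] = 1 }
        /^-[APN] / && !($0 in seen)
    '
}

# Count drifted lines per chain, to narrow down which program owns the change.
drift_by_chain() {
    drift "$1" | awk '{ n[$2]++ } END { for (c in n) print c, n[c] }' | sort
}

# Return 1 when the snapshot differs from the baseline (usable from cron).
# On a real host: iptables -S | check /root/iptables.baseline
check() {
    out=$(drift "$1")
    [ -z "$out" ] && return 0
    printf 'iptables drift detected:\n%s\n' "$out" >&2
    return 1
}

# Demo on the constructed samples: prints "INPUT 1" and "OUTPUT 1".
tmp=$(mktemp)
printf '%s\n' "$BASELINE" > "$tmp"
printf '%s\n' "$CURRENT" | drift_by_chain "$tmp"
rm -f "$tmp"
```

`iptables -S` without `-t` covers only the filter table, so the nat and mangle tables need their own baselines if they matter on the host.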
