Hi
I have applied the following rules to my iptables:
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
but afterwards it changes to something like this:
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- 130.158.6.120 anywhere
DROP all -- a104-86-110-74.deploy.static.akamaitechnologies.com anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- !127.63.239.108 !127.20.164.105 icmp port-unreachable connmark match !0x643651f3
DROP tcp -- !127.118.196.105 !127.147.220.99 tcp spts:61001:65535 flags:RST/RST connmark match !0x776e9f8e
Applying the rules again and restarting was not effective. So I stopped some services: httpd, named, dovecot, squid, vncserver, proftpd, postfix.
Nothing changed. It's my first experience and I'm really scared of a rootkit. I tested some monitoring commands and rootkit scanners, but they show nothing.
Any suggestions are welcome.
iptables changes suddenly by itself (SOLVED)
Last edited by amiredx on 2016/06/24 22:48:23, edited 2 times in total.
Re: iptables changes suddenly
Do you have something like fail2ban running?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: iptables changes suddenly
I know fail2ban is not installed. If you can, guide me to similar software.
Re: iptables changes suddenly
How did you update the rules and did you save them after updating?
Re: iptables changes suddenly
I found it! It's added to the OUTPUT chain filter by SoftEther VPN to enable SecureNAT. Indeed it's secure.
Re: iptables changes suddenly
I recently had exactly the same issue on one of my servers.
amiredx wrote: I found it! It's added to the OUTPUT chain filter by SoftEther VPN to enable SecureNAT. Indeed it's secure.
My first experience with SoftEther I believe
Not used to it. OpenVPN never ever adds any iptables rules to your server, so if it's not working then it's your own problem and you need to take a look at your iptables config. I'd even write an article about that, maybe it will be helpful for someone.
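The cause in this thread was found only by spotting rules the poster never wrote. As an added example (not part of the original thread and not code from SoftEther or CentOS), this shell script compares a saved `iptables-save` baseline with a later dump and lists exactly which rules or policies were added or removed. The function names, file names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between a saved iptables baseline and a later
# iptables-save dump. Function names, file names and sample rules are constructed.
# Typical use: iptables-save > now.rules; rule_drift baseline.rules now.rules

# Reduce iptables-save output to comparable "table rule" lines.
normalize() {
    awk '
        /^\*/      { table = substr($0, 2); next }    # "*filter" opens a table
        /^:/       { sub(/ \[[0-9]+:[0-9]+\]$/, "") } # strip policy counters
        /^(:|-A )/ { print table " " $0 }             # keep policies and rules
    ' "$1" | LC_ALL=C sort
}

# rule_drift BASELINE CURRENT
# Prints "+ ..." for lines only in CURRENT and "- ..." for lines only in
# BASELINE. Returns 1 when the two rulesets differ, 0 otherwise.
rule_drift() {
    tmp=$(mktemp -d) || return 2
    normalize "$1" > "$tmp/base"
    normalize "$2" > "$tmp/cur"
    LC_ALL=C comm -13 "$tmp/base" "$tmp/cur" | sed 's/^/+ /' >  "$tmp/diff"
    LC_ALL=C comm -23 "$tmp/base" "$tmp/cur" | sed 's/^/- /' >> "$tmp/diff"
    cat "$tmp/diff"
    if [ -s "$tmp/diff" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample: the ruleset the poster intended, then the same ruleset
# with changed counters and one OUTPUT rule appended by another program
# (a constructed approximation of the first OUTPUT rule in the listing).
write_samples() {
    cat > "$1/baseline.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    { sed -e 's/\[0:0\]/[412:39110]/' -e '/^COMMIT/d' "$1/baseline.rules"
      echo '-A OUTPUT ! -s 127.63.239.108/32 ! -d 127.20.164.105/32 -p icmp -m icmp --icmp-type 3/3 -m connmark ! --mark 0x643651f3 -j DROP'
      echo 'COMMIT'; } > "$1/current.rules"
}
```

Run from cron against a baseline saved right after the intended rules are applied, a non-zero exit status flags any rule inserted by another program.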