• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Changing iptables locks server

J

jwdick

Guest
OS: Redhat 9
Linux 2.4.20-021

/etc/sysconfig/iptables is present

When I run the following script to change my firewall settings ( which are non-existent now ), it echos that ipforwarding has been disabled, then the script hangs and the server locks and has to be rebooted.

lsmod is not on my system so I cannot check what modules have been loaded

The script I run is:
#!/bin/sh
#
#

set -e

if [ -r /proc/sys/net/ipv4/ip_forward ]; then
echo "Disabling IP forwarding"
echo "0" > /proc/sys/net/ipv4/ip_forward
fi

/sbin/iptables -F

/sbin/iptables -X

/sbin/iptables -Z

/sbin/iptables -P INPUT DROP

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A INPUT -m state --state INVALID -j DROP

/sbin/iptables -P OUTPUT DROP

/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP

/sbin/iptables -P FORWARD DROP

/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A FORWARD -m state --state INVALID -j DROP

/sbin/iptables -A INPUT -i lo -j ACCEPT

/sbin/iptables -A OUTPUT -o lo -j ACCEPT

/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 5432 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 9008 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 9080 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT

/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -s 12.214.251.53 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j DROP

/sbin/iptables -A INPUT -j ACCEPT

/sbin/iptables -A OUTPUT -j ACCEPT

/sbin/iptables -A FORWARD -j DROP

# End of script
#


Any help would be appreciated

Jack
 
Back
Top