firewall blocks everything but ssh

michaellunsford

Regular Pleskian
When the iptables service is turned on, everything is blocked except ssh. I tried getting Plesk to redo the iptables with the Plesk firewall utility, but it's still blocking everything when I turn iptables back on.

I can get around in Linux okay, but I'm no expert. Anyone know what's amiss in the config? Here's what it looks like. If you see the problem, I'll also need to know how to repair it. My guess is the "to" and "from" IP addresses are 0.0.0.0 and I'm thinking it should be from 0.0.0.0 to 255.255.255.255. Thoughts?

Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination

Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
3 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8880
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
9 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
17 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:106
19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
20 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
21 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9008
22 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9080
23 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
24 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
25 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
26 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
27 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
28 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
30 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
3 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
3 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
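
Added example, not part of the original post: a Python sketch that replays a new inbound TCP connection against rows excerpted from the INPUT listing above, using first-match-wins evaluation. In this output `0.0.0.0/0` is CIDR notation for any address, and the non-verbose listing does not print interface columns, so the bare "ACCEPT all" rows (4 and 31) are evaluated both literally and as unknown; the function names and the source address 203.0.113.5 are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: rows excerpted from the filter/INPUT listing in the post above.
LISTING = """\
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
"""

def parse_chain(text):
    """Return (default_policy, rules) for one chain of a non-verbose listing."""
    policy = re.search(r"\(policy (\w+)\)", text).group(1)
    rules = []
    for line in text.splitlines():
        f = line.split(None, 6)
        if f and f[0].isdigit():
            rules.append({"num": int(f[0]), "target": f[1], "prot": f[2],
                          "src": f[4], "dst": f[5], "extra": f[6] if len(f) > 6 else ""})
    return policy, rules

def is_bare_catch_all(rule):
    """True for 'all / any source / any destination' rows with no visible match.
    Without -v such a row may really be limited to one interface (e.g. loopback)."""
    return rule["prot"] == "all" and not rule["extra"] and rule["src"] == rule["dst"] == "0.0.0.0/0"

def verdict_new_tcp(text, src_ip, dport, trust_bare_catch_all):
    """First-match verdict for a new inbound TCP SYN; returns (rule_num, target).
    rule_num is None when the chain's default policy decides."""
    policy, rules = parse_chain(text)
    for r in rules:
        if "state " in r["extra"] or "flags:!" in r["extra"]:
            continue  # conntrack-state and non-SYN rules do not match a fresh SYN
        if is_bare_catch_all(r) and not trust_bare_catch_all:
            continue  # unknown interface restriction: do not count on this row
        if r["prot"] not in ("all", "tcp"):
            continue
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(r["src"]):
            continue
        port = re.search(r"dpt:(\d+)", r["extra"])
        if port is None or int(port.group(1)) == dport:
            return r["num"], r["target"]
    return None, policy
```

Read literally, row 4 would accept every new connection before any port rule is reached, which is why the verbose form `iptables -L -n -v` (it prints the in/out interface columns) is the listing to compare against.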
 