What does it mean if i changed iptables...

[xsiyum]

Hi

I have VZ container (VPS) and PP version 11.0.9 running on CentOS 6.4.
I changed iptables rules that control the access to http and https port 80 and 443 by Denying all IPs and Allowing only my static IP. Problem is, i can still access these ports using different IP address than my static IP. What does that mean? is it a ghost firewall!!

 

[Faris Raouf]

Use:
iptables -v -n -L

... to see what rules are actually loaded.

Why not copy and paste the rules so we can have a look and maybe spot what's wrong?

 

[xsiyum]

Hi Faris

Thanks for your reply.
I run the command and it's loaded successfully.
following are the rules stored on /etc/sysconfig/iptables :

# Generated by iptables-save v1.4.7 on Wed Nov 13 21:02:40 2013
*mangle
REROUTING ACCEPT [1:77]
:INPUT ACCEPT [1:77]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:233]
OSTROUTING ACCEPT [2:233]
COMMIT
# Completed on Wed Nov 13 21:02:40 2013
# Generated by iptables-save v1.4.7 on Wed Nov 13 21:02:40 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 11443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 11444 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8447 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8880 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -s [IP ADDRESS] -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -s [IP ADDRESS] -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 106 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9008 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -j ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
-A INPUT -j DROP