Port problem on Firewall/iptables rules
Hello,
when I restart my firewall, all ports are closed for 30 minutes before the new firewall configuration is taken into account, and I do not know why. This is my config file:
Code:
#!/bin/bash
## iptables rules.

## Flush iptables.
iptables -F
## Delete all user-defined chains.
iptables -X

## Drop all incoming traffic.
iptables -t filter -P INPUT DROP
## Drop all outgoing traffic.
iptables -t filter -P OUTPUT DROP
## Drop forwarding.
iptables -t filter -P FORWARD DROP

# Do not break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT

# Log management
# logEnabled is expected to be set in the environment before this script runs.
# Each logN is a bash array so that the prefix (which contains a space) reaches
# iptables as one argument; when logging is off the arrays are empty and the
# matching rule has no target, which only counts packets.
if [ "$logEnabled" = "true" ]
then
    log1=(-j LOG --log-prefix "IPTABLES NULL-SCAN:")
    log2=(-j LOG --log-prefix "IPTABLES XMAS-SCAN:")
    log3=(-j LOG --log-prefix "IPTABLES SYNFIN-SCAN:")
    log4=(-j LOG --log-prefix "IPTABLES NMAP-XMAS-SCAN:")
    log5=(-j LOG --log-prefix "IPTABLES FIN-SCAN:")
    log6=(-j LOG --log-prefix "IPTABLES NMAP-ID:")
    log7=(-j LOG --log-prefix "IPTABLES SYN-RST:")
    log8=(-j LOG --log-prefix "IPTABLES SYN-FLOOD:")
    log9=(-j LOG --log-prefix "IPTABLES PORT-SCAN:")
else
    log1=()
    log2=()
    log3=()
    log4=()
    log5=()
    log6=()
    log7=()
    log8=()
    log9=()
fi

# IP rules common to all servers ==================================================================
## NULL-SCAN / no flags set
iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE "${log1[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
## XMAS-SCAN / all flags set
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL "${log2[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
## SYNFIN-SCAN
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,FIN "${log3[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,FIN -j DROP
## NMAP-XMAS-SCAN
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,FIN "${log4[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,FIN -j DROP
## FIN-SCAN
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN "${log5[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j DROP
## NMAP-ID
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,SYN,FIN "${log6[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j DROP
## SYN-RST
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST "${log7[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

## SYN-FLOODING
iptables -t filter -N syn-flood
iptables -t filter -A INPUT -i eth0 -p tcp --syn -j syn-flood
iptables -t filter -A syn-flood -m limit --limit 1/sec --limit-burst 4 -j RETURN
iptables -t filter -A syn-flood "${log8[@]}"
iptables -t filter -A syn-flood -j DROP

## Make sure NEW tcp connections are SYN packets
iptables -t filter -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW "${log8[@]}"
iptables -t filter -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP

## Port scanner
iptables -t filter -N port-scan
iptables -t filter -A INPUT -i eth0 -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan
iptables -t filter -A port-scan -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -t filter -A port-scan "${log9[@]}"
iptables -t filter -A port-scan -j DROP

## Silently drop all broadcast packets
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP

# Hosts allowed to open new TCP connections
iptables -A INPUT -m state --state NEW -m tcp -s 192.168.45.1 -p tcp -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -s 192.123.88.3 -p tcp -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -s 212.345.34.1 -p tcp --dport 22 -j ACCEPT

# Block certain requests (inserted at the top of INPUT, so they are checked first)
iptables -I INPUT -p tcp --dport 80 -m string --string 'GET http' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'CACHEBUSTER' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'CONNECT' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'GET /blog/xmlrpc.php' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'POST /blog/xmlrpc.php' --algo bm -j REJECT

# Drop empty packets (these two duplicate rules appended earlier; harmless)
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Thanks
Try removing all that -t filter from your rules. It isn't needed.
After you start your rules, what does the output of the following look like?
Code:
iptables -nvL
Post it between [ CODE ] your code [ /CODE ] tags (remove the spaces between the brackets).
Code:
iptables-save