I want to account for all traffic by port. My current firewall configuration drops all traffic, and with this I am unable to calculate my traffic by protocol.
root# iptables -L -v
Chain INPUT (policy DROP 8 packets, 557 bytes)
pkts bytes target prot opt in out source destination
265K 151M CM-INPUT 0 -- any any anywhere anywhere
0 0 ACCEPT tcp -- eth2 any anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:webcache
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp spt:http state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp spt:hosts2-ns state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- any any 10.10.10.0/24 example.com icmp echo-request
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
50276 18M CM-INPUT 0 -- any any anywhere anywhere
0 0 ACCEPT tcp -- any any 10.10.10.0/24 example.com state NEW,RELATED,ESTABLISHED tcp dpt:webcache
0 0 ACCEPT tcp -- any any 10.10.10.0/24 example.com state NEW,RELATED,ESTABLISHED tcp dpt:webcache
Chain OUTPUT (policy ACCEPT 197K packets, 136M bytes)
pkts bytes target prot opt in out source destination
102K 19M ACCEPT tcp -- any eth0 anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
0 0 ACCEPT tcp -- any eth0 anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:hosts2-ns
0 0 ACCEPT tcp -- any eth2 anywhere anywhere tcp spt:http state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any eth2 anywhere anywhere tcp spt:hosts2-ns state RELATED,ESTABLISHED
Chain CM-INPUT (2 references)
pkts bytes target prot opt in out source destination
4879 809K ACCEPT 0 -- lo any anywhere anywhere
20218 2433K ACCEPT 0 -- any any 10.10.10.0/24 anywhere state NEW
288K 165M ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
322 10194 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ftp
0 0 ACCEPT gre -- any any anywhere anywhere
0 0 ACCEPT l2tp -- any any anywhere anywhere
0 0 ACCEPT tlsp -- any any anywhere anywhere
0 0 ACCEPT esp -- any any anywhere anywhere
35 1448 ACCEPT tcp -- any any anywhere anywhere tcp dpt:webcache
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:webcache
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:hosts2-ns
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:hosts2-ns
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:tproxy:8090
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:submission
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3s
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:pop3s
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:smtps
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:465
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:tproxy:8090
If I remove the following rule from the firewall, then it stops working.
$IPTABLES -P INPUT DROP            # default policy: anything not ACCEPTed below is dropped
$IPTABLES -P FORWARD DROP
$IPTABLES -N CM-INPUT              # one shared chain, jumped to from both INPUT and FORWARD
$IPTABLES -A INPUT -j CM-INPUT
$IPTABLES -A FORWARD -j CM-INPUT
echo 1 > /proc/sys/net/ipv4/ip_forward   # enable routing between interfaces
$IPTABLES -A CM-INPUT -i lo -j ACCEPT
$IPTABLES -A CM-INPUT -s 10.10.10.0/24 -m state --state NEW -j ACCEPT
$IPTABLES -A CM-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT   # replies to connections already accepted
$IPTABLES -A CM-INPUT -p icmp -m icmp --icmp-type ping -j ACCEPT
$IPTABLES -A CM-INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A CM-INPUT -s 10.10.20.0/24 -d 10.10.10.0/24 -j ACCEPT
$IPTABLES -A CM-INPUT -s 10.10.10.0/24 -d 10.10.20.0/24 -j ACCEPT
...
....
....
....
If I remove or disable
$IPTABLES -A CM-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
then the firewall stops responding.
Can anyone figure out the problem?
Thanks
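The following is an added example by the editor, not code from the original post. Two iptables facts drive it: with a DROP policy, the reply packets of connections the host itself opened are only let in by the RELATED,ESTABLISHED rule, so removing that rule silently kills every outbound session; and the counters shown by `iptables -L -v` belong to the ACCEPT rule that matched, so anything the policy drops, and anything accepted by a broad state rule, is never attributed to a port. A rule with no `-j` target only increments its counters and falls through, so a counting chain inserted at the top of INPUT, FORWARD and OUTPUT sees every packet before any accept or drop decision is made. The chain name ACCT, the port list in ACCT_PORTS and the `IPTABLES="echo iptables"` dry-run convention are assumptions of this example; `-n` is needed when reading the counters so that ports print as numbers rather than service names like webcache.

```shell
#!/bin/sh
# Added example (editor's own, not from the original post): a target-less
# accounting chain that counts per-port bytes regardless of the DROP policy,
# plus a parser for its counters.
# Assumptions: set IPTABLES="echo iptables" to dry-run; ACCT_PORTS is the
# list of ports to account.
IPTABLES="${IPTABLES:-iptables}"
ACCT_PORTS="${ACCT_PORTS:-21 80 443 8080 465 995}"

# Build the ACCT chain. Rules without -j only count and fall through, so the
# existing CM-INPUT logic and the DROP policy still decide what passes.
setup_accounting() {
    $IPTABLES -N ACCT 2>/dev/null || $IPTABLES -F ACCT
    for p in $ACCT_PORTS; do
        $IPTABLES -A ACCT -p tcp --dport "$p"   # inbound / forwarded requests
        $IPTABLES -A ACCT -p tcp --sport "$p"   # replies from that service
        $IPTABLES -A ACCT -p udp --dport "$p"
    done
    # Insert at position 1 so every packet is counted before CM-INPUT accepts
    # it or the chain policy drops it.
    $IPTABLES -I INPUT 1 -j ACCT
    $IPTABLES -I FORWARD 1 -j ACCT
    $IPTABLES -I OUTPUT 1 -j ACCT
}

# Read `iptables -vnx -L ACCT` on stdin and print "port bytes" per port.
# Fields 1 and 2 are pkts and bytes (exact with -x); the dpt:/spt: token is
# found by scanning the rest of the line. Port ranges (dpts:) are skipped.
sum_by_port() {
    awk '
      /dpt:|spt:/ {
        for (i = 1; i <= NF; i++)
          if ($i ~ /^(dpt|spt):/) { split($i, a, ":"); bytes[a[2]] += $2 }
      }
      END { for (p in bytes) printf "%s %d\n", p, bytes[p] }' | sort -n
}

# Stand-alone use: `sh acct.sh setup` to install the chain,
# `sh acct.sh report` to print per-port byte totals.
case "${1:-}" in
    setup)  setup_accounting ;;
    report) $IPTABLES -vnx -L ACCT | sum_by_port ;;
esac
```

Because the counting rules sit before the ACCEPT rules, the per-port totals include traffic that CM-INPUT later drops, which is what makes the numbers comparable across ports. Run `iptables -Z ACCT` to reset the counters at the start of each accounting period.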