Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp (SSH) ALLOW IN Anywhere
224.0.0.251 5353/udp (mDNS) ALLOW IN Anywhere
21 ALLOW IN Anywhere
22/tcp (SSH (v6)) ALLOW IN Anywhere (v6)
ff02::fb 5353/udp (mDNS) ALLOW IN Anywhere (v6)
21 (v6) ALLOW IN Anywhere (v6)
[root@******* ~]# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset
3 DROP all -- anywhere anywhere state INVALID
4 ACCEPT all -- anywhere anywhere
5 ACCEPT tcp -- anywhere anywhere tcp dpt:12443
6 ACCEPT tcp -- anywhere anywhere tcp dpt:11443
7 ACCEPT tcp -- anywhere anywhere tcp dpt:11444
8 ACCEPT tcp -- anywhere anywhere tcp dpt:8447
9 ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https
10 ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp-alt
11 ACCEPT tcp -- anywhere anywhere tcp dpt:http
12 ACCEPT tcp -- anywhere anywhere tcp dpt:https
13 ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
14 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
15 ACCEPT tcp -- anywhere anywhere tcp dpt:submission
16 ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
17 ACCEPT tcp -- anywhere anywhere tcp dpt:urd
18 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
19 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
20 ACCEPT tcp -- anywhere anywhere tcp dpt:imap
21 ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
22 ACCEPT tcp -- anywhere anywhere tcp dpt:poppassd
23 ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
24 ACCEPT tcp -- anywhere anywhere tcp dpt:postgres
25 ACCEPT tcp -- anywhere anywhere tcp dpt:ogs-server
26 ACCEPT tcp -- anywhere anywhere tcp dpt:glrpc
27 ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
28 ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
29 ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
30 ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
31 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
32 ACCEPT udp -- anywhere anywhere udp dpt:domain
33 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
34 ACCEPT icmp -- anywhere anywhere icmptype 8 code 0
35 ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
num target prot opt source destination
1 DOCKER-USER all -- anywhere anywhere
2 DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
4 DOCKER all -- anywhere anywhere
5 ACCEPT all -- anywhere anywhere
6 ACCEPT all -- anywhere anywhere
7 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
8 REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset
9 DROP all -- anywhere anywhere state INVALID
10 ACCEPT all -- anywhere anywhere
11 DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset
3 DROP all -- anywhere anywhere state INVALID
4 ACCEPT all -- anywhere anywhere
5 ACCEPT all -- anywhere anywhere
Chain DOCKER (1 references)
num target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
num target prot opt source destination
1 DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
iptables -S
... INPUT ... -m state --state NEW,ESTABLISHED -j ACCEPT ...
... OUTPUT ... -m state --state ESTABLISHED -j ACCEPT ...
... INPUT ... -m state --state ESTABLISHED -j ACCEPT ...
... OUTPUT ... -m state --state NEW,ESTABLISHED -j ACCEPT ...
"RELATED" means that the packet starts a new connection but is associated with an existing connection, such as an FTP data transfer or an ICMP error. Whether a given service needs this can be checked by sniffing the application/service or the connection state during normal operation.
I tried changing the policy from DROP to ACCEPT; it changed, but it did not unblock access
Are we supposed to guess what the "ACCEPT" applied to, and that it was definitely supposed to solve the problem, but did not help?