Re: How to know if iptables is running?
Posted: Fri Oct 30, 2015 1:40 pm
iptables is not a standard Linux service, and it's hard to say how much time it has been working.
There is no solution yet.
Community Forum
https://forum.vestacp.com/
Code:
iptables -L -n
Code:
~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
~$ sudo iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-N fail2ban-VESTA
-N fail2ban-ssh
-N vesta
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s IP*** -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8433 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
Code:
~$ service iptables start
iptables: unrecognized service
Code:
~$ sudo ufw status
Status: inactive
drabello wrote: Same problem here, I'm not sure if it's working or not.
Code:
v-restart-service iptables
iptables is not a Linux service, so we can't say how many hours it has worked.
edica wrote: I do not understand.
In Control Panel Vesta, iptables is always: Uptime: 0 minutes.
Sorry, I did not understand, is it running or not?
Code:
v-restart-service iptables
Code:
v-restart-service iptables
How about in Ubuntu?
skamasle wrote: In CentOS you can install the iptables-services package and then you can use service iptables status and service iptables restart / stop / start etc.
Code:
[root@domain~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Fri 2017-10-13 00:08:36 +08; 17h ago
Main PID: 445 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
Oct 13 00:08:35 domain.com systemd[1]: Starting IPv4 firewall with iptabl....
Oct 13 00:08:36 domain.com iptables.init[445]: iptables: Applying firewall...
Oct 13 00:08:36 domain.com systemd[1]: Started IPv4 firewall with iptables.
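
Because iptables is a ruleset held in the kernel rather than a daemon, "is it running" comes down to which rules are loaded. The sketch below is an added example, not code from any poster or from Vesta: it classifies `iptables -S` output, using shortened copies of the two dumps in this thread as constructed sample input. The function names and the state labels are assumptions made for the example.

```sh
#!/bin/sh
# Added example: classify `iptables -S` output read from stdin.
#   filtering - INPUT policy is DROP, so only explicitly accepted traffic gets in
#   partial   - INPUT policy is ACCEPT but rules are attached to INPUT
#   open      - INPUT policy is ACCEPT and no rule is attached to INPUT
#   unknown   - no "-P INPUT" line seen (empty output, or the command failed)
classify_ruleset() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END {
            if (policy == "")          print "unknown"
            else if (policy == "DROP") print "filtering"
            else if (rules > 0)        print "partial"
            else                       print "open"
        }'
}

# Constructed sample: the first dump in the thread. A fail2ban chain exists,
# but nothing in INPUT jumps to it, so inbound traffic is not filtered.
sample_open() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN
EOF
}

# Constructed sample: shortened copy of the second dump in the thread.
sample_filtering() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fail2ban-SSH -j RETURN
EOF
}

# Live check (needs root): iptables -S | classify_ruleset
printf 'first dump:  %s\n' "$(sample_open | classify_ruleset)"
printf 'second dump: %s\n' "$(sample_filtering | classify_ruleset)"
```

A result of "partial" still needs a manual read of the rules, since an ACCEPT policy with only ACCEPT rules filters nothing.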