Firewall Adding to Wrong IPTables Chain
Posted: Tue Sep 22, 2015 7:26 pm
Hello,
Every time I enable Vesta's iptables, it places the rules in the wrong chain, as you can see below:
When I enable the firewall, it also restricts access to all the websites. I imagine that is because all these rules are being added to the INPUT chain, which has the policy "DROP". They should be accepting.
$:/usr/local/vesta/bin# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:7777
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client
ACCEPT tcp -- anywhere anywhere tcp dpt:9090
ACCEPT udp -- anywhere anywhere multiport dports 8000:8001
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere multiport dports ftp,12000:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525
ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports imap2,imaps
ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgresql
ACCEPT tcp -- anywhere anywhere tcp dpt:8083
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- 10.10.10.7 anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp spt:ntp
ACCEPT tcp -- anywhere anywhere tcp spt:imap2
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:postgresql
ACCEPT udp -- anywhere anywhere udp spt:http-alt
ACCEPT tcp -- anywhere anywhere tcp spt:8433
ACCEPT tcp -- anywhere anywhere tcp spt:8083
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12100
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain vesta (0 references)
target prot opt source destination
How can this be fixed? I tried "v-update-firewall", and it only re-enabled the firewall and placed the rules in the wrong chain once again.
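One way to summarise a listing like the one above per chain (policy or reference count, and how many rules of each target it holds), added here as an example and not part of the original post or Vesta's own code. The function names are hypothetical and the sample listing is constructed, abridged from the output in the post.

```sh
# Reads `iptables -L` text on stdin; prints one summary line per chain.
summarize_chains() {
    awk '
    function emit() {
        if (chain != "")
            printf "%s %s ACCEPT=%d DENY=%d other=%d\n", chain, info, acc, deny, oth
    }
    /^Chain / {
        emit()
        chain = $2; acc = 0; deny = 0; oth = 0
        # Built-in chains show "(policy X)", user chains "(N references)".
        if ($3 == "(policy") { info = "policy=" $4; sub(/\)$/, "", info) }
        else { info = "refs=" substr($3, 2) }
        next
    }
    NF == 0 || ($1 == "target" && $2 == "prot") { next }
    chain != "" {
        if ($1 == "ACCEPT") acc++
        else if ($1 == "DROP" || $1 == "REJECT") deny++
        else oth++
    }
    END { emit() }
    '
}

# User-defined chains that no rule jumps to; rules placed there are never evaluated.
unreferenced_chains() {
    summarize_chains | awk '$2 == "refs=0" { print $1 }'
}

# Constructed sample, abridged from the listing in the post.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain vesta (0 references)
target prot opt source destination
EOF
}

sample_listing | summarize_chains
```

On a live host, pipe `iptables -L -n` (run as root) into `summarize_chains` instead of the sample.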