iptables
Posted: Sun Jul 15, 2018 3:16 pm
Домен в Зоне .РФ
Поддержка Lets Encrypt
Сайт не видится.....
думаю не пускает iptables.
Помогите пожалуйста разобраться...
Не открывает тоже (
мб ДНС какие на .РФ дописать ?
Яндекс ДНС
Поддержка Lets Encrypt
Сайт не видится.....
думаю не пускает iptables.
Помогите пожалуйста разобраться...
Code: Select all
[root@k ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Вс 2018-07-15 17:13:52 MSK; 1h 5min ago
Process: 2361 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=1/FAILURE)
Process: 2468 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 2468 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
июл 15 17:13:52 k.78city.ru systemd[1]: Starting IPv4 firewall with iptables...
июл 15 17:13:52 k.78city.ru iptables.init[2468]: iptables: Applying firewall rules: [ OK ]
июл 15 17:13:52 k.78city.ru systemd[1]: Started IPv4 firewall with iptables.
Code: Select all
[root@k ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:us-srv
fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds,pop3,pop3s,imap,imaps
fail2ban-FTP tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- k.78city.ru anywhere
ACCEPT all -- k anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https
ACCEPT tcp -- anywhere anywhere multiport dports ftp,entextxid:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds
ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports imap,imaps
ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgres
ACCEPT tcp -- anywhere anywhere tcp dpt:us-srv
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (3 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (3 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (0 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (0 references)
target prot opt source destination
Chain INPUT_direct (0 references)
target prot opt source destination
Chain IN_public (3 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain fail2ban-FTP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-MAIL (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain vesta (0 references)
target prot opt source destination
Code: Select all
[root@k ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
Яндекс ДНС