[ale] iptables ruleset blocks external traffic... OUTPUT policy is ACCEPT
Adrya Stembridge
adrya.stembridge at gmail.com
Fri May 16 09:38:42 EDT 2014
My previous INPUT policy was ACCEPT. I'm attempting to limit access to a
machine to specific subnets (4.3.2.0/24), so I added a couple rules for
that (including one to allow LDAP traffic over port 636), then set the
INPUT policy to DROP. From that point on I can't access any external
content. The OUTPUT policy is ACCEPT. If I change the INPUT policy
back to ACCEPT, I can again access external content.
Here's the ruleset:

Chain INPUT (policy DROP 461 packets, 81259 bytes)
num   pkts bytes target        prot opt in   out   source        destination
1    11835 1095K fail2ban-SSH  tcp  --  *    *     0.0.0.0/0     0.0.0.0/0     tcp dpt:22
2    2972K 1083M ACCEPT        all  --  *    *     4.3.2.0/24    0.0.0.0/0
3        0     0 ACCEPT        tcp  --  *    *     0.0.0.0/0     0.0.0.0/0     tcp dpt:636
4    3747K  436M ACCEPT        all  --  *    *     0.0.0.0/0     0.0.0.0/0     state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target        prot opt in   out   source        destination

Chain OUTPUT (policy ACCEPT 89676 packets, 26M bytes)
num   pkts bytes target        prot opt in   out   source        destination

Chain fail2ban-SSH (1 references)
num   pkts bytes target        prot opt in   out   source        destination
1    11776 1092K RETURN        all  --  *    *     0.0.0.0/0     0.0.0.0/0

Any idea what in here could be causing the holdup?
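
Added example, not part of the original post: a first-match walk of the INPUT chain exactly as listed above, run over a few constructed packets to show which ones reach the DROP policy. The packet fields, the interface names (eth0, lo), the sample addresses and the simplified matching model are assumptions.

```python
import ipaddress

# INPUT chain transcribed from the listing in the post:
# (target, proto, in_iface, source, dport, conntrack states)
INPUT_RULES = [
    ("fail2ban-SSH", "tcp", "*", "0.0.0.0/0", 22, None),
    ("ACCEPT", "all", "*", "4.3.2.0/24", None, None),
    ("ACCEPT", "tcp", "*", "0.0.0.0/0", 636, None),
    ("ACCEPT", "all", "*", "0.0.0.0/0", None, {"RELATED", "ESTABLISHED"}),
]
INPUT_POLICY = "DROP"
# In the listing fail2ban-SSH holds only a RETURN rule, so it never decides.
RETURN_ONLY_CHAINS = {"fail2ban-SSH"}

def packet(iface, src, proto, dport, state):
    """Build a constructed packet description (hypothetical helper)."""
    return {"in": iface, "src": src, "proto": proto, "dport": dport, "state": state}

def matches(rule, pkt):
    _, proto, iface, source, dport, states = rule
    if proto != "all" and proto != pkt["proto"]:
        return False
    if iface != "*" and iface != pkt["in"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(source):
        return False
    if dport is not None and dport != pkt["dport"]:
        return False
    return states is None or pkt["state"] in states

def verdict(pkt):
    """First-match walk; returns (target, rule number), 0 = chain policy."""
    for num, rule in enumerate(INPUT_RULES, start=1):
        if matches(rule, pkt) and rule[0] not in RETURN_ONLY_CHAINS:
            return rule[0], num
    return INPUT_POLICY, 0

# Constructed sample packets; addresses outside 4.3.2.0/24 are examples.
SAMPLES = {
    "reply to outbound HTTP": packet("eth0", "198.51.100.10", "tcp", 40000, "ESTABLISHED"),
    "SSH from 4.3.2.0/24": packet("eth0", "4.3.2.15", "tcp", 22, "NEW"),
    "SSH from elsewhere": packet("eth0", "198.51.100.10", "tcp", 22, "NEW"),
    "LDAPS from elsewhere": packet("eth0", "198.51.100.10", "tcp", 636, "NEW"),
    "new query on loopback": packet("lo", "127.0.0.1", "udp", 53, "NEW"),
    "ICMP echo request": packet("eth0", "198.51.100.10", "icmp", None, "NEW"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} -> {verdict(pkt)}")
```

In this model, replies to connections the host opened match rule 4, while the SSH attempt from outside 4.3.2.0/24, the new loopback packet and the ICMP echo request match no ACCEPT rule and fall to the chain policy.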