Linode Forum
https://forum.linode.com/

How to Audit What Gets Added To IPTABLES?
https://forum.linode.com/viewtopic.php?f=19&t=11439
Page 1 of 1

Author:  JohnLamar [ Mon Nov 24, 2014 2:45 pm ]
Post subject:  How to Audit What Gets Added To IPTABLES?

I have an issue where only my home's IP keeps getting added as a drop-all rule after visiting a few pages of one of my sites. I do have fail2ban running, but there is nothing in those logs, and a grep of my IP against the log files gives me nothing that would make me think I've done something bannable by my own server. Considering this happens visiting WordPress sites, I think I'm tripping something in Apache, but those logs show nothing either (PHP errors did block me before because of a misconfiguration I fixed). My only other thought is that I do have a home server that relays mail through my Linode, though this is just logwatch reports, and maybe there is an issue there.

Regardless, it's hard to diagnose because I can't tell what is giving IPTABLES this rule. Even trying to do a base allow all from my IP gets trumped by this rule that gets generated out of nowhere (seemingly nowhere).

I've tried some Google-Fu, but it mostly leads me to rules for IPTABLES that will generate audits of blocks/connections/etc - not a way to find out what is affecting the rules themselves. So basically, I'm here for any suggestions. I've tried even removing fail2ban and lessening some of my other rules and it still happens - so I'm inclined thus far to say this isn't the cause.

Help?

Author:  ingber [ Wed Nov 26, 2014 4:28 pm ]
Post subject:  Re: How to Audit What Gets Added To IPTABLES?

You might try putting your home IP into /etc/hosts.allow:

ALL: XXX.XXX.XXX.XXX

This doesn't "solve" whatever is causing the problem, but it likely will avoid the problem?

Author:  vonskippy [ Wed Nov 26, 2014 4:55 pm ]
Post subject:  Re: How to Audit What Gets Added To IPTABLES?

IPTABLES rules occur BEFORE hosts.allow, so whitelisting his home IP in hosts.allow will NOT solve an IPTABLES problem.

Nothing in a default LAMP stack will auto-enter IPs to be blocked.

Fail2ban is more PITA than security - lose that COMPLETELY and see what happens.

Might get more responses if you actually post some of your config files (like IPTABLES rules, fail2ban config, etc).
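The audit the original question asks for, as an added example that is not from any poster in this thread: snapshot the ruleset, report which rules appeared or vanished between snapshots, and timestamp the change so it can be lined up against cron, mail and fail2ban logs for the same minute. The two snapshots below are constructed stand-ins for `iptables-save` output (the home IP 203.0.113.10 is a documentation address); the cron and auditd lines in the trailing comments are the production hook-up.

```shell
#!/bin/sh
# Constructed "before" snapshot: home IP explicitly allowed, SSH open.
BEFORE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed "after" snapshot: a DROP for the same IP has been inserted
# ahead of the ACCEPT, which is why an "allow all from my IP" rule loses.
AFTER='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -j DROP
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# rules_diff BEFORE AFTER: print "+ rule" for rules present only in AFTER and
# "- rule" for rules present only in BEFORE. Only -A/-I lines are compared, so
# packet counters, chain policies and COMMIT never produce a false alarm.
# Rule order is deliberately ignored; a reorder alone is not reported.
rules_diff() {
    b=$(mktemp); a=$(mktemp)
    printf '%s\n' "$1" | grep '^-[AI] ' | sort > "$b"
    printf '%s\n' "$2" | grep '^-[AI] ' | sort > "$a"
    comm -13 "$b" "$a" | sed 's/^/+ /'
    comm -23 "$b" "$a" | sed 's/^/- /'
    rm -f "$b" "$a"
}

# added_rules BEFORE AFTER: just the new rules, without the "+ " marker.
added_rules() {
    rules_diff "$1" "$2" | grep '^+ ' | cut -c3-
}

rules_diff "$BEFORE" "$AFTER"

# Production use (assumed paths), from cron every minute:
#   iptables-save > /var/lib/fwaudit/now
#   [ -f /var/lib/fwaudit/last ] && rules_diff "$(cat /var/lib/fwaudit/last)" \
#       "$(cat /var/lib/fwaudit/now)" | sed "s/^/$(date -u +%FT%TZ) /" >> /var/log/fwaudit.log
#   mv /var/lib/fwaudit/now /var/lib/fwaudit/last
# To learn WHICH process added the rule, have auditd watch the binaries:
#   auditctl -w /sbin/iptables -p x -k fwchange
#   auditctl -w /sbin/iptables-restore -p x -k fwchange
#   ausearch -k fwchange -i      # shows exe, ppid, auid and cwd of each caller
```

The diff gives the minute the rule appeared; the ausearch output gives the parent process, which is what distinguishes a fail2ban action from a cron job or a mail-relay hook.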
