sudo cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Thu Apr 16 02:07:43 2015
# security table: no rules are defined; every built-in chain is left at
# policy ACCEPT. The bracketed values are [packets:bytes] counters at save time.
*security
:INPUT ACCEPT [891:82014]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [818:247489]
COMMIT
# Completed on Thu Apr 16 02:07:43 2015
# Generated by iptables-save v1.4.21 on Thu Apr 16 02:07:43 2015
# raw table: no rules are defined; both built-in chains are left at policy ACCEPT.
*raw
:PREROUTING ACCEPT [906:82798]
:OUTPUT ACCEPT [818:247489]
COMMIT
# Completed on Thu Apr 16 02:07:43 2015
# Generated by iptables-save v1.4.21 on Thu Apr 16 02:07:43 2015
# nat table: no translation rules are defined; all four chains are left at
# policy ACCEPT, so nothing is rewritten or redirected by this file.
*nat
:PREROUTING ACCEPT [40:2120]
:INPUT ACCEPT [25:1336]
:OUTPUT ACCEPT [20:1472]
:POSTROUTING ACCEPT [20:1472]
COMMIT
# Completed on Thu Apr 16 02:07:43 2015
# Generated by iptables-save v1.4.21 on Thu Apr 16 02:07:43 2015
# mangle table: no rules are defined; every built-in chain is left at policy ACCEPT.
*mangle
:PREROUTING ACCEPT [906:82798]
:INPUT ACCEPT [906:82798]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [818:247489]
:POSTROUTING ACCEPT [818:247489]
COMMIT
# Completed on Thu Apr 16 02:07:43 2015
# Generated by iptables-save v1.4.21 on Thu Apr 16 02:07:43 2015
# filter table: the only table in this dump that carries rules. Inbound
# traffic is limited to loopback, established flows, TCP 80/443/2222 and
# ICMP echo-request; everything else is logged (rate-limited) and dropped.
# NOTE(review): this file covers IPv4 only; IPv6 filtering is handled by
# ip6tables and is not shown here - confirm it is configured separately.
*filter
# Built-in chain policies are ACCEPT; the deny-by-default behaviour comes
# solely from the trailing "-j DROP" rules below. If the rules are ever
# flushed, the ACCEPT policy leaves the chain fully open, so a DROP policy
# on INPUT/FORWARD is the more robust way to express the same intent.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain ("-" = no policy). The f2b- prefix suggests it is
# managed by fail2ban - TODO confirm.
# NOTE(review): the live "iptables -L" listing on this page shows the jump
# to f2b-SSH and the RETURN rule twice ("2 references"), while this file
# holds one of each. That is consistent with the chain having been saved
# while the banning service was running, so the restored copy and the
# service's own copy both end up loaded. Keeping f2b-* entries out of the
# saved rules and letting the service create them avoids the duplication.
:f2b-SSH - [0:0]
# TCP to port 2222 is passed through f2b-SSH first; the chain currently
# only RETURNs, so evaluation continues with the rules below.
-A INPUT -p tcp -m tcp --dport 2222 -j f2b-SSH
# Accept everything arriving on the loopback interface. Plain "iptables -L"
# omits the interface column, so this rule is displayed as
# "ACCEPT all -- anywhere anywhere"; "iptables -L -n -v" or "iptables -S"
# shows the "lo" restriction (and prints port 2222 numerically instead of
# as a service name).
-A INPUT -i lo -j ACCEPT
# Reject packets addressed to 127.0.0.0/8 that did not match the loopback
# rule above, i.e. that arrived on some other interface.
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
# Accept packets belonging to, or related to, already-tracked connections.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Publicly reachable services: HTTP and HTTPS.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# New connections to TCP 2222 - presumably SSH on a non-default port, given
# the f2b-SSH chain name; verify against sshd_config.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
# Allow inbound ICMP type 8 (echo-request / ping).
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Log whatever reached this point, at most 5 entries per minute, with a
# fixed prefix at log level 7 (debug), then drop it.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
# This host does not forward traffic; all outbound traffic is allowed.
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
# Default tail of the f2b-SSH chain: hand the packet back to INPUT.
-A f2b-SSH -j RETURN
COMMIT
# Completed on Thu Apr 16 02:07:43 2015
sudo iptables -L
[sudo] password for kiken:
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-SSH tcp -- anywhere anywhere tcp dpt:EtherNet/IP-1
f2b-SSH tcp -- anywhere anywhere tcp dpt:EtherNet/IP-1
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:EtherNet/IP-1
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain f2b-SSH (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
What am I doing wrong here?