View Single Post
  #11  
Old 20th September 2011, 11:42
emanation emanation is offline
Junior Member
 
Join Date: Sep 2011
Posts: 15
Thanks: 3
Thanked 0 Times in 0 Posts
Default

exactly. I can open all sites from server, use SSH and receive/send mail by POP/SMTP while IPSConfig panel is blocked for me.

Right now it happens again. I don't suppose that IPSCOnfig is blocked because all sites are working well.
do you interesting in
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
TMP_DROP   all  --  anywhere             anywhere
TALLOW     all  --  anywhere             anywhere
TDENY      all  --  anywhere             anywhere
TGALLOW    all  --  anywhere             anywhere
TGDENY     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere            tcp dpts:epmap:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp dpts:epmap:netbios-ssn
DROP       tcp  --  anywhere             anywhere            tcp dpt:sunrpc
DROP       udp  --  anywhere             anywhere            udp dpt:sunrpc
DROP       tcp  --  anywhere             anywhere            tcp dpt:login
DROP       udp  --  anywhere             anywhere            udp dpt:who
DROP       tcp  --  anywhere             anywhere            tcp dpt:efs
DROP       udp  --  anywhere             anywhere            udp dpt:router
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-s
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-s
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-m
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-m
DROP       tcp  --  anywhere             anywhere            tcp dpt:search-agent
DROP       udp  --  anywhere             anywhere            udp dpt:search-agent
DROP       tcp  --  anywhere             anywhere            tcp dpt:ingreslock
DROP       udp  --  anywhere             anywhere            udp dpt:ingreslock
DROP       tcp  --  anywhere             anywhere            tcp dpt:ctx-bridge
DROP       udp  --  anywhere             anywhere            udp dpt:ctx-bridge
IN_SANITY  all  --  anywhere             anywhere
FRAG_UDP   all  --  anywhere             anywhere
PZERO      all  --  anywhere             anywhere
P2P        all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:omirr
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ftp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable limit: avg 60/sec burst 5
ACCEPT     icmp --  anywhere             anywhere            icmp redirect limit: avg 60/sec burst 5
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded limit: avg 60/sec burst 5
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply limit: avg 60/sec burst 5
ACCEPT     icmp --  anywhere             anywhere            icmp type 30 limit: avg 60/sec burst 5
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 60/sec burst 5
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  rs1.service.softlayer.com  anywhere            udp spt:domain dpts:1023:65535
ACCEPT     tcp  --  rs1.service.softlayer.com  anywhere            tcp spt:domain dpts:1023:65535
DROP       tcp  --  anywhere             anywhere            tcp spt:domain dpts:1023:65535
DROP       udp  --  anywhere             anywhere            udp spt:domain dpts:1023:65535
ACCEPT     udp  --  10.0.80.12           anywhere            udp spt:domain dpts:1023:65535
ACCEPT     tcp  --  rs2.service.softlayer.com  anywhere            tcp spt:domain dpts:1023:65535
DROP       tcp  --  anywhere             anywhere            tcp spt:domain dpts:1023:65535
DROP       udp  --  anywhere             anywhere            udp spt:domain dpts:1023:65535
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1023:65535 dpt:ftp state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh dpts:login:65535 state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:ssh flags:FIN,SYN,RST,ACK/SYN state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpts:traceroute:33534
DROP       tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TMP_DROP   all  --  anywhere             anywhere
TALLOW     all  --  anywhere             anywhere
TDENY      all  --  anywhere             anywhere
TGALLOW    all  --  anywhere             anywhere
TGDENY     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere            tcp dpts:epmap:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp dpts:epmap:netbios-ssn
DROP       tcp  --  anywhere             anywhere            tcp dpt:sunrpc
DROP       udp  --  anywhere             anywhere            udp dpt:sunrpc
DROP       tcp  --  anywhere             anywhere            tcp dpt:login
DROP       udp  --  anywhere             anywhere            udp dpt:who
DROP       tcp  --  anywhere             anywhere            tcp dpt:efs
DROP       udp  --  anywhere             anywhere            udp dpt:router
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-s
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-s
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-m
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-m
DROP       tcp  --  anywhere             anywhere            tcp dpt:search-agent
DROP       udp  --  anywhere             anywhere            udp dpt:search-agent
DROP       tcp  --  anywhere             anywhere            tcp dpt:ingreslock
DROP       udp  --  anywhere             anywhere            udp dpt:ingreslock
DROP       tcp  --  anywhere             anywhere            tcp dpt:ctx-bridge
DROP       udp  --  anywhere             anywhere            udp dpt:ctx-bridge
OUT_SANITY  all  --  anywhere             anywhere
FRAG_UDP   all  --  anywhere             anywhere
PZERO      all  --  anywhere             anywhere
P2P        all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             rs1.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT     tcp  --  anywhere             rs1.service.softlayer.com tcp spts:1023:65535 dpt:domain
ACCEPT     udp  --  anywhere             rs1.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT     tcp  --  anywhere             rs1.service.softlayer.com tcp spts:1023:65535 dpt:domain
ACCEPT     udp  --  anywhere             rs2.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT     tcp  --  anywhere             10.0.80.12          tcp spts:1023:65535 dpt:domain
ACCEPT     udp  --  anywhere             rs2.service.softlayer.com udp spts:1023:65535 dpt:domain
ACCEPT     tcp  --  anywhere             10.0.80.12          tcp spts:1023:65535 dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpts:traceroute:33534
ACCEPT     all  --  anywhere             anywhere

Chain FRAG_UDP (2 references)
target     prot opt source               destination
DROP       udp  -f  anywhere             anywhere

Chain IN_SANITY (1 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,RST/FIN,RST
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN
DROP       tcp  --  anywhere             anywhere            tcp flags:ACK,URG/URG
DROP       tcp  --  anywhere             anywhere            tcp flags:PSH,ACK/PSH
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN

Chain OUT_SANITY (1 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,RST/FIN,RST
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN
DROP       tcp  --  anywhere             anywhere            tcp flags:PSH,ACK/PSH
DROP       tcp  --  anywhere             anywhere            tcp flags:ACK,URG/URG

Chain P2P (2 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            tcp dpt:kazaa reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:kazaa reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:3d-nfsd reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:3d-nfsd reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:6257 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:6257 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:6699 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:6699 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:gnutella-rtr reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:gnutella-rtr reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:interwise reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:interwise reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable

Chain PROHIBIT (0 references)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain PZERO (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp dpt:spr-itunes
DROP       udp  --  anywhere             anywhere            udp dpt:0
DROP       tcp  --  anywhere             anywhere            tcp spt:spr-itunes
DROP       udp  --  anywhere             anywhere            udp spt:0

Chain RESET (0 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset

Chain TALLOW (2 references)
target     prot opt source               destination
ACCEPT     all  --  66.228.118.0-static.reverse.networklayer.com/23  anywhere
ACCEPT     all  --  anywhere             66.228.118.0-static.reverse.networklayer.com/23
ACCEPT     all  --  173.192.118.0-static.reverse.softlayer.com/23  anywhere
ACCEPT     all  --  anywhere             173.192.118.0-static.reverse.softlayer.com/23
ACCEPT     all  --  67.228.118.0-static.reverse.networklayer.com/23  anywhere
ACCEPT     all  --  anywhere             67.228.118.0-static.reverse.networklayer.com/23
ACCEPT     all  --  208.43.118.0-static.reverse.networklayer.com/23  anywhere
ACCEPT     all  --  anywhere             208.43.118.0-static.reverse.networklayer.com/23

Chain TDENY (2 references)
target     prot opt source               destination

Chain TGALLOW (2 references)
target     prot opt source               destination

Chain TGDENY (2 references)
target     prot opt source               destination

Chain TMP_DROP (2 references)
target     prot opt source               destination
[root@joomla etc]# iptables --flush
after iptables --flush I get access to IPSConfig.

Last edited by emanation; 20th September 2011 at 11:48.
Reply With Quote
Sponsored Links