  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    3

    iptables too many drops!


    I'm a beginner with iptables, but I would like to know if all these drops are normal.
    Some people from some countries cannot access my web site!

    Code:
    # iptables -vnL INPUT 
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
        0     0 DROP       all  --  *      *       1.0.0.0/8            0.0.0.0/0
        0     0 DROP       all  --  *      *       2.0.0.0/8            0.0.0.0/0
        0     0 DROP       all  --  *      *       5.0.0.0/8            0.0.0.0/0
        0     0 DROP       all  --  *      *       23.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       27.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       31.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       36.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       37.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       39.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       42.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       46.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       94.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       95.0.0.0/8           0.0.0.0/0
        0     0 DROP       all  --  *      *       100.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       101.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       102.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       103.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       104.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       105.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       106.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       107.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       108.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       110.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       111.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       112.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       113.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       114.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       115.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       173.0.0.0/8          0.0.0.0/0
        2    96 DROP       all  --  *      *       174.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       175.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       176.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       177.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       178.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       179.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       180.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       181.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       182.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       183.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       184.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       185.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       186.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       187.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       197.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       223.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       240.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       241.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       242.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       243.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       244.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       245.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       246.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       247.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       248.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       249.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       250.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       251.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       252.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       253.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       254.0.0.0/8          0.0.0.0/0
        0     0 DROP       all  --  *      *       255.0.0.0/8          0.0.0.0/0
    Thanks for your help...
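
Added example (not part of the original thread): a Python sketch that reads a listing in the `iptables -vnL INPUT` format shown in post #1 and reports which rule a visitor address matches first, which DROP rules have non-zero counters, and how much of the IPv4 space the DROP sources cover. The sample listing is constructed from a few rows in that format; the function names and the `eth0` interface are assumptions, and only the interface and source columns are evaluated.

```python
import ipaddress

# Constructed sample in the format of `iptables -vnL INPUT` output.
SAMPLE = """\
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       1.0.0.0/8            0.0.0.0/0
    2    96 DROP       all  --  *      *       174.0.0.0/8          0.0.0.0/0
    0     0 DROP       all  --  *      *       197.0.0.0/8          0.0.0.0/0
"""

def parse_rules(listing):
    """Return the rules in chain order; title and header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue
        rules.append({
            "hit": f[0] != "0",              # counter may carry a K/M suffix
            "target": f[2],
            "in": f[5],
            "negated": f[7].startswith("!"),
            "source": ipaddress.ip_network(f[7].lstrip("!"), strict=False),
        })
    return rules

def first_match(rules, addr, iface="eth0"):
    """First rule whose interface and source match, or None (chain policy applies).
    Protocol, port and state matches are not evaluated (assumption: 'all' rules)."""
    ip = ipaddress.ip_address(addr)
    for r in rules:
        if r["in"] not in ("*", iface):
            continue
        if (ip in r["source"]) != r["negated"]:
            return r
    return None

def hit_drops(rules):
    """Sources of DROP rules that have actually dropped packets."""
    return [str(r["source"]) for r in rules if r["target"] == "DROP" and r["hit"]]

def blocked_share(rules):
    """Fraction of IPv4 space covered by non-negated DROP sources (overlaps merged)."""
    nets = {r["source"] for r in rules if r["target"] == "DROP" and not r["negated"]}
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets)) / 2**32

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print(first_match(rules, "174.12.3.4"), hit_drops(rules), blocked_share(rules))
```

Feeding it the full output of `iptables -vnL INPUT` and the address of a visitor who cannot connect shows whether a broad source DROP is the rule being hit.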

  2. #2
    Just Joined!
    Join Date
    Jul 2010
    Posts
    53
    no that does not look normal

    if you don't know iptables - maybe it would be simpler to use the tcp_wrapper features and /etc/hosts.allow /etc/hosts.deny

    if only access you want to control is to your website - then the authorization controls for your web server should be enough?

  3. #3
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    this is pretty odd. this machine would block packets from almost all existing ip addresses except a few subnets like the 224.*.*.* or 225.*.*.* ... anyhow not what a server should do unless you are in china.

    seriously, if you didn't set these things or took the server administration over from someone else, consider checking for rootkits and if it is hard, consider flushing and re-installing the machine. this looks REALLY suspicious, even if it may be perfectly wanted behaviour that we can't comprehend due to lack of information.

  5. #4
    Just Joined!
    Join Date
    Jul 2010
    Posts
    3
    Thanks for your reply

    I deleted a few lines, e.g.
    Code:
    iptables -D INPUT 2
    iptables -D INPUT 3
    iptables -D INPUT 4
    iptables -D INPUT 5
    ...
    But each time I start APF with /usr/local/sbin/apf -s these lines come back!!!

    So I went to internals/.apf.restore and I found
    Code:
    -A INPUT -s 1.0.0.0/255.0.0.0 -j DROP 
    -A INPUT -s 2.0.0.0/255.0.0.0 -j DROP 
    -A INPUT -s 5.0.0.0/255.0.0.0 -j DROP 
    -A INPUT -s 23.0.0.0/255.0.0.0 -j DROP
    ...
    -A OUTPUT -d 1.0.0.0/255.0.0.0 -j DROP 
    -A OUTPUT -d 2.0.0.0/255.0.0.0 -j DROP 
    -A OUTPUT -d 5.0.0.0/255.0.0.0 -j DROP 
    -A OUTPUT -d 23.0.0.0/255.0.0.0 -j DROP 
    ...
    How can I delete these lines from APF restore forever?

    Thanks for your help...

  6. #5
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    nice, you figured out the source of misconfiguration. next step is to configure the thingy properly. the configuration file should be there:

    Code:
    /etc/apf/conf.apf
    look up the man pages and web resources how to configure it.

  7. #6
    Just Joined!
    Join Date
    Jul 2010
    Posts
    3
    Quote Originally Posted by Kloschüssel View Post
    nice, you figured out the source of misconfiguration. next step is to configure the thingy properly. the configuration file should be there:

    Code:
    /etc/apf/conf.apf
    look up the man pages and web resources how to configure it.
    Thanks...
    Can I send you my conf.apf to see if you find anything strange?
    I'm very much a beginner with this and I don't understand all the rules.

  8. #7
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    If you can pay the bill.

    Seriously: I'm busy for the next 36 hours. No can do until then. Maybe later, but can't promise that. You may learn something on your own. It's fun and makes you wiser!
