Yeah, got a new server again. It is becoming a yearly ritual ;-) Of course something went wrong this time.

I want to use IPtables as firewall (I do not use IPSconfig, but WebMin and VirtualMin). What is wrong with these rules? My server was not responding to pings anymore after reboot, and IPtables was the problem at the previous reboot as well.

These rules are applied in this order. If needed I can show you what the exact IPtables config is after applying these GUI-created rules.

IPtables didn't log anything into messages. The only big difference between the successful 'system halt' and the unsuccessful reboot is:

shutdown[3213]: shutting down for system halt
init: Switching to runlevel: 0

and

shutdown[15663]: shutting down for system reboot
init: Switching to runlevel: 6

TIA!

Incoming packets (INPUT)

Action  Condition
Accept  If input interface is not eth0
Accept  If protocol is TCP and TCP flags ACK (of ACK) are set
Accept  If state of connection is ESTABLISHED
Accept  If state of connection is RELATED
Accept  If protocol is UDP and destination port is 1024:65535 and source port is 53
Accept  If protocol is ICMP and ICMP type is echo-reply
Accept  If protocol is ICMP and ICMP type is destination-unreachable
Accept  If source is 127.0.0.0/8
Accept  If protocol is ICMP and ICMP type is source-quench
Accept  If protocol is ICMP and ICMP type is time-exceeded
Accept  If protocol is ICMP and ICMP type is parameter-problem
Accept  If protocol is TCP and source is cc12####-a.ensch1.ov.home.nl and destination ports are ssh,smtp,imaps,10000,82
Accept  If protocol is TCP and source is a80-101-###-###.adsl.xs4all.nl and destination ports are ssh,smtp,imaps,10000,82
Accept  If protocol is TCP and source is ###.##.0.0/16 and destination ports are ssh,smtp,imaps,10000,82
Accept  If protocol is TCP and destination ports are www,https
Accept  If protocol is TCP and destination port is auth
Accept  If protocol is ICMP and ICMP type is echo-request
Drop    If protocol is TCP and destination port is 2049:2050
Drop    If protocol is TCP and destination port is 6000:6063
Drop    If protocol is TCP and destination port is 7000:7010
Accept  If protocol is TCP and destination port is 1024:65535
Accept  If protocol is UDP and destination port is 33434:33523

nm, appeared to be a bug in Xen. Rebooting just did not work at all, only via Xen (and thus the support of the hosting company).

FYI, I used nmap XX.XX.XX.XX -P0 -p 22 to see that somehow the port got filtered.