I have 3 servers running CentOS 7.9. I never activated the ISPConfig built-in firewall, but decided to do so after the latest ISPConfig upgrade to 3.2.8p1. Strangely enough, on 2 out of the 3 servers the machines become unreachable after I run:
bastille-firewall start
When I stop the firewall, the machines become accessible again. No other firewall is activated on these machines (from what I can tell). What am I doing wrong? Including below the output of iptables -n -L from each of the machines.
Server A: Machine IS accessible after bastille is activated
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  !lo    *       0.0.0.0/0            127.0.0.0/8
   12   768 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 PUB_IN     all  --  eth+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  slip+  *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  venet+ *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  bond+  *       0.0.0.0/0            0.0.0.0/0
    3   132 PUB_IN     all  --  en+    *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 PUB_OUT    all  --  *      eth+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      slip+   0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      venet+  0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      bond+   0.0.0.0/0            0.0.0.0/0
   16  3769 PUB_OUT    all  --  *      en+     0.0.0.0/0            0.0.0.0/0

Chain INT_IN (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INT_OUT (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PAROLE (18 references)
 pkts bytes target     prot opt in     out     source               destination
    1    52 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_IN (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    1    52 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8321
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8322
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10000
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3306
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    2    80 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_OUT (6 references)
 pkts bytes target     prot opt in     out     source               destination
   12  1537 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix-sasl (0 references)
 pkts bytes target     prot opt in     out     source               destination
   74  4410 REJECT     all  --  *      *       141.98.10.151        0.0.0.0/0            reject-with icmp-port-unreachable
  337 19742 REJECT     all  --  *      *       141.98.10.159        0.0.0.0/0            reject-with icmp-port-unreachable
  784 45102 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Server B: Machine is NOT accessible after bastille is activated
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  !lo    *       0.0.0.0/0            127.0.0.0/8
   17  1144 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 PUB_IN     all  --  eth+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  slip+  *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  venet+ *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  bond+  *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  en+    *       0.0.0.0/0            0.0.0.0/0
   13   740 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 13 packets, 1748 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 PUB_OUT    all  --  *      eth+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      slip+   0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      venet+  0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      bond+   0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      en+     0.0.0.0/0            0.0.0.0/0

Chain INT_IN (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INT_OUT (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PAROLE (19 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_IN (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8321
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8322
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10000
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:57283
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3306
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_OUT (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix-sasl (0 references)
 pkts bytes target     prot opt in     out     source               destination
   18  1080 REJECT     all  --  *      *       87.246.7.229         0.0.0.0/0            reject-with icmp-port-unreachable
   18  1080 REJECT     all  --  *      *       80.94.95.205         0.0.0.0/0            reject-with icmp-port-unreachable
   14   840 REJECT     all  --  *      *       46.148.40.65         0.0.0.0/0            reject-with icmp-port-unreachable
   12   720 REJECT     all  --  *      *       46.148.40.62         0.0.0.0/0            reject-with icmp-port-unreachable
   12   720 REJECT     all  --  *      *       46.148.40.60         0.0.0.0/0            reject-with icmp-port-unreachable
   32  1920 REJECT     all  --  *      *       141.98.10.159        0.0.0.0/0            reject-with icmp-port-unreachable
    7   420 REJECT     all  --  *      *       141.98.10.151        0.0.0.0/0            reject-with icmp-port-unreachable
   27  1550 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Server C: Machine is NOT accessible after bastille is activated
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  !lo    *       0.0.0.0/0            127.0.0.0/8
   37  2430 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
    0     0 PUB_IN     all  --  eth+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  slip+  *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  venet+ *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  bond+  *       0.0.0.0/0            0.0.0.0/0
    0     0 PUB_IN     all  --  en+    *       0.0.0.0/0            0.0.0.0/0
  105  9702 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 59 packets, 91265 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 PUB_OUT    all  --  *      eth+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      slip+   0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      venet+  0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      bond+   0.0.0.0/0            0.0.0.0/0
    0     0 PUB_OUT    all  --  *      en+     0.0.0.0/0            0.0.0.0/0

Chain INT_IN (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INT_OUT (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PAROLE (19 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_IN (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8321
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8322
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10000
    0     0 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:57283
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3306
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PUB_OUT (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-FTP (0 references)
 pkts bytes target     prot opt in     out     source               destination
   35  1628 REJECT     all  --  *      *       121.5.50.91          0.0.0.0/0            reject-with icmp-port-unreachable
   15   704 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix-sasl (0 references)
 pkts bytes target     prot opt in     out     source               destination
   26  1560 REJECT     all  --  *      *       87.246.7.229         0.0.0.0/0            reject-with icmp-port-unreachable
   27  1620 REJECT     all  --  *      *       80.94.95.205         0.0.0.0/0            reject-with icmp-port-unreachable
   59  3542 REJECT     all  --  *      *       141.98.10.159        0.0.0.0/0            reject-with icmp-port-unreachable
   12   720 REJECT     all  --  *      *       141.98.10.151        0.0.0.0/0            reject-with icmp-port-unreachable
  100  5716 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       47.254.120.250       0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       211.115.68.228       0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       8.215.65.177         0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       122.254.95.86        0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       159.223.184.117      0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       20.189.74.132        0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       121.173.251.86       0.0.0.0/0            reject-with icmp-port-unreachable
  174 12831 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Do you have the ports opened in the ISPConfig firewall settings? System > Firewall > server1.example.com (add server if it does not exist there yet)
I do have all the ports opened in the Firewall section of ISPConfig. However, when I check the activate button (or run the bastille start command from the CLI) is when the server becomes inaccessible. The only way to get back into the server is to run the bastille stop command (from the CLI) and then deactivate the firewall from within the ISPConfig GUI.
You have fail2ban running on those hosts, and it has blocked some IP-numbers. Do those numbers belong to the hosts you try to test from?
If you were looking for how to open ports:
Code:
iptables -L --line-numbers -n
iptables -I INPUT -p tcp --dport {desired_port} -m state --state NEW -j ACCEPT
service iptables save
Those REJECT ports are blocked by fail2ban, better to use fail2ban-client for unblocking. Read man fail2ban-client, the unban command.
No, those numbers do not belong to the host from which I test. When I stop the bastille/ISPConfig firewall the Fail2Ban rules are still active, yet at that point I am able to access the servers again. So indeed the issue seems to be with the bastille/ISPConfig rules. The question is what.
Stop fail2ban as well as bastille; are there any iptables rules left? If yes, then you might already be running another firewall, like firewalld, which interferes with bastille.
Good idea. Just tried that. No rules are active after I stop Fail2ban:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I then started Bastille without Fail2ban and at that point the server becomes inaccessible. These are the iptables rules with Fail2ban stopped and Bastille started:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            127.0.0.0/8
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  224.0.0.0/4          0.0.0.0/0
PUB_IN     all  --  0.0.0.0/0            0.0.0.0/0
PUB_IN     all  --  0.0.0.0/0            0.0.0.0/0
PUB_IN     all  --  0.0.0.0/0            0.0.0.0/0
PUB_IN     all  --  0.0.0.0/0            0.0.0.0/0
PUB_IN     all  --  0.0.0.0/0            0.0.0.0/0
PUB_IN     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  0.0.0.0/0            0.0.0.0/0
PUB_OUT    all  --  0.0.0.0/0            0.0.0.0/0
PUB_OUT    all  --  0.0.0.0/0            0.0.0.0/0
PUB_OUT    all  --  0.0.0.0/0            0.0.0.0/0
PUB_OUT    all  --  0.0.0.0/0            0.0.0.0/0
PUB_OUT    all  --  0.0.0.0/0            0.0.0.0/0

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain PAROLE (19 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain PUB_IN (6 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:465
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8321
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8322
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10000
PAROLE     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:57283
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3306
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain PUB_OUT (6 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
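Added example, not part of any post in this thread: in the counter listings from the first post, every PUB_IN jump in INPUT on Servers B and C shows 0 packets while the final DROP counts 13 and 105, whereas on Server A the en+ rule counts 3. Since a trailing + in an iptables interface match is a prefix wildcard, one check worth running in that situation is whether the host's interface name matches any of the patterns. The script runs that check on a constructed listing; the interface name p2p1 and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: is every NIC covered by the firewall's interface patterns?
# CONSTRUCTED sample in `iptables -nvL INPUT` layout; counters follow Server B.
SAMPLE_INPUT='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in     out source      destination
    0     0 DROP   tcp  --  !lo    *   0.0.0.0/0   127.0.0.0/8
   17  1144 ACCEPT all  --  *      *   0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
    0     0 ACCEPT all  --  lo     *   0.0.0.0/0   0.0.0.0/0
    0     0 DROP   all  --  *      *   224.0.0.0/4 0.0.0.0/0
    0     0 PUB_IN all  --  eth+   *   0.0.0.0/0   0.0.0.0/0
    0     0 PUB_IN all  --  ppp+   *   0.0.0.0/0   0.0.0.0/0
    0     0 PUB_IN all  --  slip+  *   0.0.0.0/0   0.0.0.0/0
    0     0 PUB_IN all  --  venet+ *   0.0.0.0/0   0.0.0.0/0
    0     0 PUB_IN all  --  bond+  *   0.0.0.0/0   0.0.0.0/0
    0     0 PUB_IN all  --  en+    *   0.0.0.0/0   0.0.0.0/0
   13   740 DROP   all  --  *      *   0.0.0.0/0   0.0.0.0/0'

# Print the in-interface pattern of every rule (stdin) that jumps to chain $1.
input_jump_patterns() {
    awk -v chain="$1" '$3 == chain { print $6 }'
}

# Succeed if interface name $1 matches iptables pattern $2.
# A trailing "+" is a prefix wildcard; otherwise the names must be equal.
iface_matches() {
    case "$2" in
        *+) case "$1" in "${2%+}"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Print each non-loopback interface in list $2 that no pattern in list $1 matches.
uncovered_ifaces() {
    for ifc in $2; do
        [ "$ifc" = lo ] && continue
        hit=no
        for pat in $1; do
            if iface_matches "$ifc" "$pat"; then hit=yes; break; fi
        done
        if [ "$hit" = no ]; then echo "$ifc"; fi
    done
    return 0
}

# Packet counter of the unconditional catch-all DROP rule (0 if there is none).
catchall_drop_pkts() {
    awk '$3=="DROP" && $4=="all" && $6=="*" && $7=="*" && $8=="0.0.0.0/0" && $9=="0.0.0.0/0" && NF==9 { n=$1 } END { print n+0 }'
}

# On a live host, feed `iptables -nvL INPUT` and the names from `ls /sys/class/net`.
PATTERNS=$(printf '%s\n' "$SAMPLE_INPUT" | input_jump_patterns PUB_IN)
IFACES="lo p2p1"   # hypothetical interface names, not taken from the thread
echo "catch-all DROP packets: $(printf '%s\n' "$SAMPLE_INPUT" | catchall_drop_pkts)"
echo "interfaces matched by no PUB_IN rule: $(uncovered_ifaces "$PATTERNS" "$IFACES")"
```

An interface printed on the last line never reaches PUB_IN, so its new connections fall through to the final DROP whatever ports are opened in PUB_IN.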