
Comments (9)

ldx commented on June 10, 2024

Can you show me the output of iptables -L -n? Feel free to change IP addresses if that's sensitive information, I only need the list of rules.

from python-iptables.

bcl commented on June 10, 2024
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:111
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:111
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:2049
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:20048
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:20048
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:875
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:875
ACCEPT     tcp  --  192.168.101.0/24     0.0.0.0/0            state NEW tcp dpt:53
ACCEPT     udp  --  192.168.101.0/24     0.0.0.0/0            state NEW udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:51413
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:5901
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:2666
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:3260
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:8000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:8123
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:3128
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:69
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:69
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:20
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:20
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


ldx commented on June 10, 2024

Thanks. Can you save this with iptables-save so I can import it and do some testing?


bcl commented on June 10, 2024
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*raw
:PREROUTING ACCEPT [5794145:5582147530]
:OUTPUT ACCEPT [4660354:16656174179]
COMMIT
# Completed on Thu Nov 21 06:26:32 2013
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*nat
:PREROUTING ACCEPT [186692:68445240]
:INPUT ACCEPT [2215:145196]
:OUTPUT ACCEPT [44980:3247837]
:POSTROUTING ACCEPT [44977:3247583]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Thu Nov 21 06:26:32 2013
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*mangle
:PREROUTING ACCEPT [11646542:10785259305]
:INPUT ACCEPT [11468451:10719121257]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9064699:34251734512]
:POSTROUTING ACCEPT [9064713:34251736924]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Thu Nov 21 06:26:32 2013
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9064699:34251734512]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20048 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 20048 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -s 192.168.101.0/24 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.101.0/24 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 51413 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2666 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3260 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 69 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Nov 21 06:26:32 2013

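One thing the saved ruleset carries that the `iptables -L -n` listing above does not is the interface match: `-A INPUT -i lo -j ACCEPT` is printed there as `ACCEPT all -- 0.0.0.0/0 0.0.0.0/0`. The following is an added example, not part of the original thread and not python-iptables code; it parses a constructed excerpt of the dump and reports ACCEPT rules whose only restriction is `-i`/`-o`. The function names `parse_save` and `hidden_interface_accepts` are hypothetical.

```python
import shlex

# Constructed excerpt: a subset of the filter-table lines from the dump above.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Parse iptables-save text into rule dicts (table, chain, matches, opts, target)."""
    rules, table = [], None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        rule = {"table": table, "chain": tok[1], "matches": [], "opts": {}, "target": None}
        i, neg = 2, False
        while i < len(tok):
            if tok[i] == "!":                 # negation applies to the next option
                neg, i = True, i + 1
                continue
            if tok[i] == "-j":                # tokens after the target are target options
                rule["target"] = tok[i + 1]
                break
            j = i + 1                         # collect this option's values
            while j < len(tok) and tok[j] != "!" and not tok[j].startswith("-"):
                j += 1
            if tok[i] == "-m":
                rule["matches"].append(tok[i + 1])
            else:
                rule["opts"][tok[i]] = (neg, tok[i + 1:j])
            neg, i = False, j
        rules.append(rule)
    return rules

def hidden_interface_accepts(rules):
    """ACCEPT rules restricted only by -i/-o, which `iptables -L -n` does not print."""
    return [r for r in rules if r["target"] == "ACCEPT" and not r["matches"]
            and r["opts"] and set(r["opts"]) <= {"-i", "-o"}]
```

On a live host, `iptables -L -n -v` adds the in/out interface columns to the listing.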

ldx commented on June 10, 2024

Thanks, I can now reproduce the issue. Looking into it.


ldx commented on June 10, 2024

Can you check out 6b662b from the alias branch? This is quite experimental and needs further cleanup, but hopefully fixes the underlying issue.


bcl commented on June 10, 2024

That works better. My simple test runs fine.


ldx commented on June 10, 2024

Just a heads up that I'm still working on this - aliasing is a bitch, worst feature ever added to iptables.


ldx commented on June 10, 2024

And now the fix should be in master: b0726a8

