Comments (9)
Can you show me the output of iptables -L -n
? Feel free to change IP addresses if that's sensitive information, I only need the list of rules.
from python-iptables.
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:111
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:111
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20048
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20048
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:875
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:875
ACCEPT tcp -- 192.168.101.0/24 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT udp -- 192.168.101.0/24 0.0.0.0/0 state NEW udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:51413
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5901
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2666
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3260
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8123
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3128
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:69
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:69
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
from python-iptables.
Thanks. Can you save this with iptables-save
so I can import it and do some testing?
from python-iptables.
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*raw
:PREROUTING ACCEPT [5794145:5582147530]
:OUTPUT ACCEPT [4660354:16656174179]
COMMIT
# Completed on Thu Nov 21 06:26:32 2013
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*nat
:PREROUTING ACCEPT [186692:68445240]
:INPUT ACCEPT [2215:145196]
:OUTPUT ACCEPT [44980:3247837]
:POSTROUTING ACCEPT [44977:3247583]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Thu Nov 21 06:26:32 2013
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*mangle
:PREROUTING ACCEPT [11646542:10785259305]
:INPUT ACCEPT [11468451:10719121257]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9064699:34251734512]
:POSTROUTING ACCEPT [9064713:34251736924]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Thu Nov 21 06:26:32 2013
# Generated by iptables-save v1.4.18 on Thu Nov 21 06:26:32 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9064699:34251734512]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20048 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 20048 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -s 192.168.101.0/24 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.101.0/24 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 51413 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2666 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3260 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 69 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Nov 21 06:26:32 2013
from python-iptables.
Thanks, I can now reproduce the issue. Looking into it.
from python-iptables.
Can you check out 6b662b from the alias branch? This is quite experimental and needs further cleanup, but hopefully fixes the underlying issue.
from python-iptables.
That works better. My simple test runs fine.
from python-iptables.
Just a heads up that I'm still working on this - aliasing is a bitch, worst feature ever added to iptables.
from python-iptables.
And now the fix should be in master: b0726a8
from python-iptables.
Related Issues (20)
- Target already registered when applying rule for both IPv4 and IPv6 for TPROXY HOT 3
- Double free on _Buffer destruction HOT 4
- Segmentation fault when create hashlimit match HOT 3
- iptables and iptables-legacy with Docker containers HOT 2
- Rules added via iptc - not found in iptables o/p HOT 5
- iptc has problem when working with syslog module.
- iptc.errors.XTablesError: can't find target response on iptc.easy.dump_table('filter', ipv6=False) and others
- Can't find target JOOL_SIIT when iptables for both ipv4 and ipv6 are used HOT 1
- A question please, not an issue
- cannot use protocol "all"
- Empty rule list returned on Rocky8 HOT 3
- ldconfig packaged in glibc-2.28 has a different out out than ldconfig in glibc-2.17
- Can I use python-iptables on Python 3.6? HOT 1
- Match_set invalid value b'ipset_name' HOT 8
- How to set match LOCAL HOT 4
- --random parameter not working with SNAT HOT 5
- is nftable not supported?
- can't dump rules
- Is it possible to create '! --dports' rule?
- iptc/ip4tc.py:261: SyntaxWarning: invalid escape sequence '\s'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-iptables.