I AM BLOCKED OUT FROM MY SERVER

stevenh
Posts: 12
Joined: 2014/12/18 03:20:25

I AM BLOCKED OUT FROM MY SERVER

Post by stevenh » 2015/01/22 04:59:42

Dear All,

I am learning how to secure my CentOS server, so I added the rule "iptables -P INPUT DROP" to the iptables firewall, and now I am completely blocked out from my server. Is there any way to delete that rule or reset the iptables firewall? Please help me.
Thanks a lot.
Steven

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: I AM BLOCKED OUT FROM MY SERVER

Post by gerald_clark » 2015/01/22 05:12:29

Do not double post.
You will need root access to remove the rule.

stevenh
Posts: 12
Joined: 2014/12/18 03:20:25

Re: I AM BLOCKED OUT FROM MY SERVER

Post by stevenh » 2015/01/22 05:28:34

Dear,

I have root access, but the issue is that it blocks all IPs, so I can't ssh to the server.

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: I AM BLOCKED OUT FROM MY SERVER

Post by gerald_clark » 2015/01/22 05:56:45

There is no magic. You or someone else will need access to the machine.

TrevorH
Forum Moderator
Posts: 29457
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I AM BLOCKED OUT FROM MY SERVER

Post by TrevorH » 2015/01/22 08:57:04

If you didn't save the new rule then a reboot of the server should bring it back up with the old rules in place. If you did then you'll need to edit /etc/sysconfig/iptables from a console to amend the rules and restart the firewall service. If you are locked out remotely because of this then you will need someone with local console access or the ability to hit the power button/ctrl-alt-delete to reboot it. There's no way in if everything is being dropped.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
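
An added example, not written by any poster in this thread: a pre-flight check for the lockout described above. It reads rules in iptables-save format and reports what a new SSH connection would get from the INPUT chain; port 22, the function names and both trimmed rule sets are assumptions constructed for illustration.

```shell
#!/bin/sh
# ssh_verdict PORT: read an iptables-save dump on stdin and print the verdict
# (ACCEPT, DROP or REJECT) that the filter table's INPUT chain gives a NEW TCP
# connection to PORT from an arbitrary address. Simplified model: a rule that
# uses any match other than -p, --dport and --state/--ctstate is skipped.
ssh_verdict() {
    awk -v port="$1" '
    $1 == "*filter" { in_filter = 1; next }
    /^\*/           { in_filter = 0; next }
    !in_filter      { next }
    $1 == ":INPUT"  { policy = $2; next }
    $1 == "-A" && $2 == "INPUT" && verdict == "" {
        target = ""; applies = 1
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(++i); break }   # target options follow
            else if ($i == "-m") i++                     # skip the module name
            else if ($i == "-p") { if ($(++i) != "tcp" && $i != "all") applies = 0 }
            else if ($i == "--dport") { if ($(++i) != port) applies = 0 }
            else if ($i ~ /^--(ct)?state$/) { if ($(++i) !~ /NEW/) applies = 0 }
            else applies = 0
        }
        if (applies && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }'
}

# Constructed sample: policy DROP set on a chain that has no rule for SSH.
sample_policy_drop() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10099 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: policy DROP with replies and SSH (port 22 assumed) allowed.
sample_with_ssh() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

for s in sample_policy_drop sample_with_ssh; do
    echo "$s: new SSH connection to port 22 -> $($s | ssh_verdict 22)"
done
```

On a real host the same function can be fed an edited copy of the iptables-save output before it is loaded, and `iptables-restore --test` will parse that file without committing it.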

stevenh
Posts: 12
Joined: 2014/12/18 03:20:25

Re: I AM BLOCKED OUT FROM MY SERVER

Post by stevenh » 2015/01/22 14:01:02

Dear All,

Thanks for your help. Luckily I haven't saved the rule, so I will get a local guy to reboot it with the power button. I will post back when I am able to access the server.
Best regards,
Steven

stevenh
Posts: 12
Joined: 2014/12/18 03:20:25

Re: I AM BLOCKED OUT FROM MY SERVER

Post by stevenh » 2015/01/22 18:54:04

Dear Trevor,

Thanks for your help. After the reboot it is back to the old rules.
Trevor, I use this CentOS server with Asterisk and FreePBX inside for the office phones, but these days hackers attack too much and I have to pay extra for bandwidth. If I add some rules like "iptables -A INPUT -j DROP" then my phone doesn't work. Can you show me which rules I should add in iptables to keep hackers out while my phone still works, please?

Best regards,
Steven

TrevorH
Forum Moderator
Posts: 29457
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I AM BLOCKED OUT FROM MY SERVER

Post by TrevorH » 2015/01/22 22:09:58

Post your current rules - the output of iptables-save is easiest to read and most complete.

stevenh
Posts: 12
Joined: 2014/12/18 03:20:25

Re: I AM BLOCKED OUT FROM MY SERVER

Post by stevenh » 2015/01/23 01:40:32

Here are the current iptables rules:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:10099
DROP all -- 24.114.37.34 anywhere
DROP all -- 74.91.26.202 anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

TrevorH
Forum Moderator
Posts: 29457
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I AM BLOCKED OUT FROM MY SERVER

Post by TrevorH » 2015/01/23 08:24:41

Try again: "the output of iptables-save is easiest to read and most complete."
