IPTables REJECT not blocking port 80

Posted: 2020/06/23 13:51:40
by jjrowan
My server has been getting frequent attempts from a device on 89.144.x.x. There is nothing on the server for anyone on that network so I tried blocking all access via IPTables.

iptables -L -n |grep 89.144
REJECT tcp -- 89.144.0.0/16 0.0.0.0/0 state NEW tcp reject-with icmp-port-unreachable

But the last two days there have been attempts to access the web server logged in the /var/log/httpd/access_log

I'm not an expert by any means with iptables but I thought this would prevent any access from this net block.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 89.144.0.0/16 -j REJECT --reject-with icmp-port-unreachable

What am I missing?

Re: IPTables REJECT not blocking port 80

Posted: 2020/06/23 14:01:01
by tunk
I assume you have disabled firewalld and installed iptables?
I also think the order of the rules matters, if you have opened
for all http traffic before this rule ...

Re: IPTables REJECT not blocking port 80

Posted: 2020/06/23 14:18:28
by jjrowan
Yes firewalld disabled and iptables enabled.
The rule to block is above rule permitting port 80 access.

Re: IPTables REJECT not blocking port 80

Posted: 2020/06/23 14:36:51
by tunk
I had a similar problem which was fixed by putting this in /etc/sysconfig/iptables:
-A INPUT -s 123.45.67.0/20 -j DROP
I have no RH-Firewall-1-INPUT chain, only INPUT, FORWARD and OUTPUT.

Re: IPTables REJECT not blocking port 80

Posted: 2020/06/23 15:43:16
by TrevorH
RH-Firewall-1-INPUT is something that was used in CentOS 5 and abandoned in 6. It's a relic.

Re: IPTables REJECT not blocking port 80

Posted: 2020/06/23 16:22:55
by jlehtone
Please show what is in table filter. Do use:

iptables -S
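The two explanations offered in the thread (tunk's point about rule order, and TrevorH's point that RH-Firewall-1-INPUT is a relic chain) can both be checked mechanically against the `iptables -S` listing jlehtone asks for. The Python script below is an added example, not code from the thread or from CentOS: it parses an `iptables -S` style listing, reports user-defined chains that no rule jumps to (rules in such a chain never run), and simulates which rule a new TCP connection to port 80 from 89.144.0.0/16 would hit first, following the first-match semantics of the filter table. The listings and the packet are constructed to illustrate the cases discussed, not the poster's actual ruleset, and the matcher only models `-s`, `-p`, `--dport` and `--state`.

```python
"""Check rule reachability and first-match order in an `iptables -S` listing.
Added example with constructed input; not the thread's or CentOS's own code."""
import ipaddress
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}


def parse_iptables_s(text):
    """Return (policies, chains): chain name -> rules in evaluation order."""
    policies, chains = {}, {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":                      # builtin chain policy
            policies[tok[1]] = tok[2]
            chains.setdefault(tok[1], [])
        elif tok[0] == "-N":                    # user-defined chain
            chains.setdefault(tok[1], [])
        elif tok[0] == "-A":
            rule = {"text": line, "src": None, "proto": None,
                    "dport": None, "state": None, "target": None}
            i = 2
            while i < len(tok):
                opt = tok[i]
                if opt == "-s":
                    rule["src"] = ipaddress.ip_network(tok[i + 1], strict=False); i += 2
                elif opt == "-p":
                    rule["proto"] = tok[i + 1]; i += 2
                elif opt == "--dport":
                    rule["dport"] = int(tok[i + 1]); i += 2
                elif opt == "--state":
                    rule["state"] = set(tok[i + 1].split(",")); i += 2
                elif opt == "-j":
                    rule["target"] = tok[i + 1]; i += 2
                elif opt == "-m":
                    i += 2                      # match module name: no effect here
                else:
                    i += 1                      # unmodelled option (e.g. --reject-with)
            chains.setdefault(tok[1], []).append(rule)
    return policies, chains


def matches(rule, pkt):
    """A rule matches when every condition it specifies holds for the packet."""
    if rule["src"] is not None and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
        return False
    if rule["state"] is not None and pkt["state"] not in rule["state"]:
        return False
    return True


def walk(chains, chain, pkt):
    """First terminating match in a chain (descending into jumped-to user
    chains); None if the packet falls off the end, i.e. RETURN to the caller."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        tgt = rule["target"]
        if tgt in TERMINATING:
            return tgt, rule
        if tgt == "RETURN":
            return None
        if tgt in chains:                       # jump into a user-defined chain
            hit = walk(chains, tgt, pkt)
            if hit:
                return hit
    return None


def verdict(text, pkt, chain="INPUT"):
    """(target, rule text) the packet hits first, or the chain policy."""
    policies, chains = parse_iptables_s(text)
    hit = walk(chains, chain, pkt)
    if hit:
        return hit[0], hit[1]["text"]
    return policies.get(chain, "ACCEPT"), "policy of " + chain


def unreachable_chains(text):
    """User-defined chains nothing jumps to: their rules never see a packet."""
    _, chains = parse_iptables_s(text)
    referenced = {r["target"] for rules in chains.values() for r in rules}
    return {c for c in chains if c not in BUILTIN and c not in referenced}


# Constructed listing: REJECT parked in a relic chain that INPUT never jumps to.
DEAD_CHAIN = """
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 89.144.0.0/16 -j REJECT --reject-with icmp-port-unreachable
"""
# Constructed listing: the same chain, but INPUT actually jumps to it first.
JUMPED = """
-P INPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 89.144.0.0/16 -j REJECT --reject-with icmp-port-unreachable
"""
# Constructed listing: block rule placed in INPUT ahead of the port-80 ACCEPT.
FIXED = """
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 89.144.0.0/16 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
"""
# Constructed packet: a new HTTP connection from inside 89.144.0.0/16.
WEB_FROM_BLOCKED_NET = {"src": "89.144.1.2", "proto": "tcp", "dport": 80, "state": "NEW"}

if __name__ == "__main__":
    for name, listing in (("dead chain", DEAD_CHAIN), ("jumped", JUMPED), ("fixed", FIXED)):
        print(name, "->", verdict(listing, WEB_FROM_BLOCKED_NET))
        print("  unreachable chains:", unreachable_chains(listing) or "none")
```

Run it against real output with `iptables -S > rules.txt` and `verdict(open("rules.txt").read(), pkt)`; an empty `unreachable_chains()` result and a REJECT verdict for the probe packet are the two things to look for before trusting the block rule.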