For some unknown reason, the firewall script was not executed, which is why iptables-save printed nothing earlier. Now I get output from iptables-save (below).
Maybe this is the reason why unwanted packets hit the system... a big blunder.

Sans

On Mon, Aug 8, 2011 at 5:44 PM, RSCL Mumbai <rscl.mum...@gmail.com> wrote:
> On Mon, Aug 8, 2011 at 4:20 PM, Антон Квашёнкин <anton.juga...@gmail.com> wrote:
>> Hi,
>>
>> Could you attach iptables-save output.
>
> "iptables-save" output is blank -- no output.
> Not sure why ?
>
> Thx
> Sans
[root@e1 ~]# iptables-save
# review: every comment except the "Generated by" / "Completed on" lines is a
#   review annotation, not iptables-save output. The dump shows only the IPv4
#   rules loaded in the kernel when it was taken; it does not show whether the
#   firewall script is re-applied at boot, and ip6tables rules are separate and
#   not shown here.
# Generated by iptables-save v1.3.5 on Mon Aug 8 08:19:37 2011
*filter
# review: chain policies with [packets:bytes] counters. INPUT and FORWARD drop
#   by default; OUTPUT is unrestricted.
:INPUT DROP [1:78]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2496:492015]
# review: loopback traffic is always accepted.
-A INPUT -i lo -j ACCEPT
# review: ICMP echo-request is accepted from any source on any interface;
#   there is no rate limit on this rule.
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW -j ACCEPT
# review: return and related traffic for tracked connections, per interface.
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# review: TCP 3100 and 4142 carry no -i, -s or state match, so they are
#   reachable from any source on any interface. 4445 is open to any source on
#   both eth0 and eth1. Because these ACCEPTs come before the TCP-flag DROP
#   rules near the end of the chain, malformed-flag packets to these ports are
#   accepted here and never reach those drops.
-A INPUT -p tcp -m tcp --dport 3100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4142 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 4445 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4445 -j ACCEPT
# review: TCP 3306 (conventionally MySQL -- confirm) from a single host on eth1.
-A INPUT -s 67.18.110.210 -i eth1 -p tcp -m tcp --dport 3306 -j ACCEPT
# review: 192.168.1.0/24 on eth0 may reach TCP+UDP 5060-5062 and UDP
#   10000-20000 (presumably SIP signalling and RTP media -- confirm).
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m udp --dport 10000:20000 -j ACCEPT
# review: per-source allowlist on eth1 (appears to be the external interface
#   -- confirm) for the same port ranges. UDP source addresses can be forged,
#   so these rules narrow exposure but do not replace authentication in the
#   service behind them.
-A INPUT -s 61.16.181.9 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 61.16.181.9 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 61.16.181.9 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 203.109.120.65 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 203.109.120.65 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 203.109.120.65 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.82.128/255.255.255.192 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.82.128/255.255.255.192 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.82.128/255.255.255.192 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.83.0/255.255.255.192 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.83.0/255.255.255.192 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.83.0/255.255.255.192 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.84.0/255.255.255.0 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.84.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.84.0/255.255.255.0 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.86.0/255.255.255.192 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.86.0/255.255.255.192 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.86.0/255.255.255.192 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 74.55.98.122 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.122 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.122 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 74.55.98.120 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.120 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.120 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 64.154.41.150 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.150 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.150 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 64.154.41.100 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.100 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.100 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
# review: the sources from here to 212.150.88.20/30 are allowed on ports
#   5060-5062 only; they have no per-source 10000-20000 rule.
-A INPUT -s 46.19.209.8/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.209.8/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.209.72/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.209.72/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.8/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.8/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.72/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.72/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.85.224.40/255.255.255.254 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.85.224.40/255.255.255.254 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 212.150.88.20/255.255.255.252 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 212.150.88.20/255.255.255.252 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
# review: UDP 10000-20000 for two /25 ranges. They contain the 46.19.209.x and
#   46.19.210.x /29 sources above but are wider than those /29s. 81.85.224.40/31
#   and 212.150.88.20/30 have no 10000-20000 rule in this dump; traffic from
#   them on those ports passes only if the RELATED,ESTABLISHED rules match.
-A INPUT -s 46.19.209.0/255.255.255.128 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 46.19.210.0/255.255.255.128 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
# review: drops for new TCP connections that do not start with a plain SYN,
#   for fragments (-f), and for TCP packets with all six flags set or none set.
#   Being placed after every ACCEPT, they only affect packets that would
#   otherwise reach the final REJECT (silent drop instead of an ICMP reply).
#   To filter such packets on the open ports as well, these rules would have
#   to sit above the ACCEPT rules in the firewall script.
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -f -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# review: catch-all; anything not accepted or dropped above is rejected with
#   ICMP port-unreachable.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Aug 8 08:19:37 2011
# Generated by iptables-save v1.3.5 on Mon Aug 8 08:19:37 2011
*nat
# review: the nat table holds no rules; all three chains keep policy ACCEPT.
:PREROUTING ACCEPT [374:75238]
:POSTROUTING ACCEPT [74:6988]
:OUTPUT ACCEPT [74:6988]
COMMIT
# Completed on Mon Aug 8 08:19:37 2011