Iptables Task - application security

Hi,

Just wanted to understand what I missed in the configuration. Any assistance to help me understand is much appreciated.

Task: We want to open all incoming connections to Nginx’s port and want to block all incoming connections to Apache’s port. Also make sure rules are permanent. Apache and Nginx ports are 8085 and 8094 respectively.

I think the reason is that iptables is in disabled mode?

Thanks @Tej-Singh-Rana for the reply, but the issue was not that.

I figured out the issue, which was that I used "--append" in the iptables rule, which actually adds the rule at the end. I never noticed that before I appended the rule, there was a reject-all rule. 🙂

Just that we need to be careful in checking the current rules before applying the new rules.

I hadn't noticed, thanks for informing me.

But you just did append, which means it was added as the last line of the chain. Even if you added it first or last, the rules will work. I think the append option is also correct.

I think the disable option is what matters here. @Inderpreet can you please clarify this issue? It will clear my doubts too. Is the task's failure reason the append option or the service disable option? Kindly brief more if possible.

@Tej-Singh-Rana
@Inderpreet
@admins

Hi All,

Please check once, I have completed this task successfully but it is showing a failed state.

According to the screenshot the accept and reject scenario is fine, but how did you make it permanent?

Share a screenshot of the commands showing how you configured iptables.

@Tej-Singh-Rana used below command to make rules permanent:
sudo systemctl enable iptables

I have completed this task before, and it was completed successfully with the same commands.

sudo systemctl enable iptables is for starting the service automatically on the next boot; that's not the process to make the rules permanent.
Something like the iptables save command is what makes them permanent.

It didn’t work for me as well. Please see attached screenshots.

Below image shows that the connection from jump_host is being blocked for 8086 while it is working for 8092.

Below image shows the iptables rules before. Then I exited from the SSH session, SSHed once again and listed the rules. Both times the rules were the same.

Is there any way by which I can take the same task once again?

@Inderpreet any idea why this happened ?

@kp3642 I think you missed adding the rules permanently.

These are the steps:
sudo iptables -A INPUT -p tcp --dport 8085 -j DROP
sudo iptables -A INPUT -p tcp --dport 8094 -j ACCEPT

To add the above rules permanently:
sudo /sbin/iptables-save > /etc/sysconfig/iptables

Thanks for your valuable inputs, @jayashankar1729

Regards,
KodeKloud Support
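The two things this thread turns on are checking where an appended rule lands relative to an existing reject-all (the cause found earlier) and then saving the rules (the support steps). The following is an added shell example, not a command from any post in the thread. It parses a listing in the form that iptables -S INPUT prints, reports whether a rule for a given port is listed behind a catch-all DROP/REJECT (and so never matches), and prints the placement command that puts it ahead of the catch-all. The rule listing in SAMPLE_RULES is constructed, and the function names are the example's own.

```shell
#!/bin/sh
# Added example for this thread (not a command from any post): parse the
# output of `iptables -S INPUT` and check whether a rule added with -A/--append
# would sit behind an earlier catch-all REJECT/DROP and therefore never match.
# SAMPLE_RULES is a constructed listing in the shape `iptables -S INPUT` prints;
# on a real host, replace it with: RULES=$(sudo iptables -S INPUT)

SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8094 -j ACCEPT'

# 1-based position within INPUT of the first catch-all terminating rule
# (an "-A INPUT -j DROP|REJECT" line with no match options), or 0 if none.
catchall_position() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" {
            n++
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { print n; found = 1; exit }
        }
        END { if (!found) print 0 }'
}

# 1-based position of the first INPUT rule carrying "--dport <port>", or 0.
dport_rule_position() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) { print n; found = 1; exit }
        }
        END { if (!found) print 0 }'
}

# Succeeds (exit 0) when the rule for <port> exists but is listed after the
# catch-all, i.e. it is dead: packets are rejected before reaching it.
is_shadowed() {
    sh_rule=$(dport_rule_position "$1" "$2")
    sh_catch=$(catchall_position "$2")
    [ "$sh_rule" -ne 0 ] && [ "$sh_catch" -ne 0 ] && [ "$sh_catch" -lt "$sh_rule" ]
}

# Print the iptables command that places a <port> rule with target <target>
# ahead of the catch-all (-I at its position), or appends when there is none.
placement_command() {
    pc_catch=$(catchall_position "$3")
    if [ "$pc_catch" -eq 0 ]; then
        printf 'iptables -A INPUT -p tcp --dport %s -j %s\n' "$1" "$2"
    else
        printf 'iptables -I INPUT %s -p tcp --dport %s -j %s\n' "$pc_catch" "$1" "$2"
    fi
}

# Stand-alone run: audit the constructed listing for the task's two ports.
for spec in "8094 ACCEPT" "8085 DROP"; do
    set -- $spec
    if is_shadowed "$1" "$SAMPLE_RULES"; then
        echo "port $1: rule exists but is shadowed by the catch-all at position $(catchall_position "$SAMPLE_RULES")"
    fi
    echo "place with: $(placement_command "$1" "$2" "$SAMPLE_RULES")"
done
# Once the rules are in the right order, persist them using the RHEL/CentOS
# layout from this thread: iptables-save > /etc/sysconfig/iptables, and
# systemctl enable iptables so that the saved file is loaded at boot.
```

On the constructed listing the 8094 ACCEPT rule sits at position 6, behind the REJECT at position 5, so the audit flags it and suggests inserting at position 5 instead; the saved file only preserves what is in the chain, so the order has to be right before running iptables-save.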