iptables

Discussion in 'General Discussion' started by cyberspirit, Jul 10, 2003.

  1. cyberspirit

    cyberspirit BANNED

    I found this here as the iptables for a fresh new cPanel 6.x installation. But it seems to me that this does not do anything? Is this the standard cPanel config? And if so, does this do anything or is it just a wide open configuration? I just wonder why this is set up at all.


    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    acctboth all -- 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    acctboth all -- 0.0.0.0/0 0.0.0.0/0

    Chain acctboth (2 references)
    target prot opt source destination
    tcp -- 69.57.128.11 0.0.0.0/0 tcp dpt:80
    tcp -- 0.0.0.0/0 69.57.128.11 tcp spt:80
    tcp -- 69.57.128.11 0.0.0.0/0 tcp dpt:25
    tcp -- 0.0.0.0/0 69.57.128.11 tcp spt:25
    tcp -- 69.57.128.11 0.0.0.0/0 tcp dpt:110
    tcp -- 0.0.0.0/0 69.57.128.11 tcp spt:110
    icmp -- 69.57.128.11 0.0.0.0/0
    icmp -- 0.0.0.0/0 69.57.128.11
    tcp -- 69.57.128.11 0.0.0.0/0
    tcp -- 0.0.0.0/0 69.57.128.11
    udp -- 69.57.128.11 0.0.0.0/0
    udp -- 0.0.0.0/0 69.57.128.11
    all -- 69.57.128.11 0.0.0.0/0
    all -- 0.0.0.0/0 69.57.128.11
    tcp -- 69.57.129.22 0.0.0.0/0 tcp dpt:80
    tcp -- 0.0.0.0/0 69.57.129.22 tcp spt:80
    tcp -- 69.57.129.22 0.0.0.0/0 tcp dpt:25
    tcp -- 0.0.0.0/0 69.57.129.22 tcp spt:25
    tcp -- 69.57.129.22 0.0.0.0/0 tcp dpt:110
    tcp -- 0.0.0.0/0 69.57.129.22 tcp spt:110
    icmp -- 69.57.129.22 0.0.0.0/0
    icmp -- 0.0.0.0/0 69.57.129.22
    tcp -- 69.57.129.22 0.0.0.0/0
    tcp -- 0.0.0.0/0 69.57.129.22
    udp -- 69.57.129.22 0.0.0.0/0
    udp -- 0.0.0.0/0 69.57.129.22
    all -- 69.57.129.22 0.0.0.0/0
    all -- 0.0.0.0/0 69.57.129.22
    tcp -- 69.57.129.33 0.0.0.0/0 tcp dpt:80
    tcp -- 0.0.0.0/0 69.57.129.33 tcp spt:80
    tcp -- 69.57.129.33 0.0.0.0/0 tcp dpt:25
    tcp -- 0.0.0.0/0 69.57.129.33 tcp spt:25
    tcp -- 69.57.129.33 0.0.0.0/0 tcp dpt:110
    tcp -- 0.0.0.0/0 69.57.129.33 tcp spt:110
    icmp -- 69.57.129.33 0.0.0.0/0
    icmp -- 0.0.0.0/0 69.57.129.33
    tcp -- 69.57.129.33 0.0.0.0/0
    tcp -- 0.0.0.0/0 69.57.129.33
    udp -- 69.57.129.33 0.0.0.0/0
    udp -- 0.0.0.0/0 69.57.129.33
    all -- 69.57.129.33 0.0.0.0/0
    all -- 0.0.0.0/0 69.57.129.33
    tcp -- 69.57.129.44 0.0.0.0/0 tcp dpt:80
    tcp -- 0.0.0.0/0 69.57.129.44 tcp spt:80
    tcp -- 69.57.129.44 0.0.0.0/0 tcp dpt:25
    tcp -- 0.0.0.0/0 69.57.129.44 tcp spt:25
    tcp -- 69.57.129.44 0.0.0.0/0 tcp dpt:110
    tcp -- 0.0.0.0/0 69.57.129.44 tcp spt:110
    icmp -- 69.57.129.44 0.0.0.0/0
    icmp -- 0.0.0.0/0 69.57.129.44
    tcp -- 69.57.129.44 0.0.0.0/0
    tcp -- 0.0.0.0/0 69.57.129.44
    udp -- 69.57.129.44 0.0.0.0/0
    udp -- 0.0.0.0/0 69.57.129.44
    all -- 69.57.129.44 0.0.0.0/0
    all -- 0.0.0.0/0 69.57.129.44
    tcp -- 69.57.129.55 0.0.0.0/0 tcp dpt:80
    tcp -- 0.0.0.0/0 69.57.129.55 tcp spt:80
    tcp -- 69.57.129.55 0.0.0.0/0 tcp dpt:25
    tcp -- 0.0.0.0/0 69.57.129.55 tcp spt:25
    tcp -- 69.57.129.55 0.0.0.0/0 tcp dpt:110
    tcp -- 0.0.0.0/0 69.57.129.55 tcp spt:110
    icmp -- 69.57.129.55 0.0.0.0/0
    icmp -- 0.0.0.0/0 69.57.129.55
    tcp -- 69.57.129.55 0.0.0.0/0
    tcp -- 0.0.0.0/0 69.57.129.55
    udp -- 69.57.129.55 0.0.0.0/0
    udp -- 0.0.0.0/0 69.57.129.55
    all -- 69.57.129.55 0.0.0.0/0
    all -- 0.0.0.0/0 69.57.129.55
    all -- 0.0.0.0/0 0.0.0.0/0

  2. darksoul

    darksoul Active Member

    That is used by bandmin to calculate traffic.
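
How the listing in the first post can be read, as an added example (not part of the thread and not cPanel or bandmin code): rules with an empty target column only increment packet and byte counters, so a ruleset with ACCEPT policies and no reachable DROP or REJECT filters nothing. The sample is a constructed, shortened listing; `parse`, `can_block` and `wide_open` are hypothetical helper names, and the parser assumes plain `iptables -L -n` output with `--` in the opt column.

```python
import re

# Constructed sample: same `iptables -L -n` layout as the post, one IP only.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
acctboth all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
acctboth all -- 0.0.0.0/0 0.0.0.0/0

Chain acctboth (2 references)
target prot opt source destination
tcp -- 69.57.128.11 0.0.0.0/0 tcp dpt:80
tcp -- 0.0.0.0/0 69.57.128.11 tcp spt:80
all -- 0.0.0.0/0 0.0.0.0/0
"""

BLOCKING = {"DROP", "REJECT"}  # verdicts that actually stop a packet

def parse(listing):
    """Map chain name -> policy, jump/verdict targets, and count-only rules."""
    chains, cur = {}, None
    for line in listing.splitlines():
        tok = line.split()
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)", line.strip())
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "targets": [], "count_only": 0}
        elif cur is None or len(tok) < 4 or tok[0] == "target":
            continue  # blank line or column header
        elif tok[1] == "--":  # opt is the 2nd column: rule has no target
            cur["count_only"] += 1  # it only increments packet/byte counters
        elif tok[2] == "--":
            cur["targets"].append(tok[0])
    return chains

def can_block(chains, name, seen=None):
    """True if a DROP/REJECT is reachable from chain `name` (policy or rule)."""
    seen = set() if seen is None else seen
    if name in seen or name not in chains:
        return False
    seen.add(name)
    chain = chains[name]
    return chain["policy"] in BLOCKING or any(
        t in BLOCKING or can_block(chains, t, seen) for t in chain["targets"])

def wide_open(listing):
    chains = parse(listing)
    return not any(can_block(chains, c) for c in ("INPUT", "FORWARD", "OUTPUT"))
```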

  3. wwwhosts

    wwwhosts Well-Known Member

    I've stuffed up my firewall :confused:

    How can I restore it to what it should be, please?

    iptables is set to accept all :mad:

    Thanks

  4. wwwhosts

    wwwhosts Well-Known Member

    I've fixed my firewall :rolleyes:

    Is the above chain necessary? (acctboth)

  5. NiteStalker22

    NiteStalker22 Active Member

    iptables -F acctboth
    cd && iptables-save > ./firewall.txt


    Add this to the END of /etc/rc.local ..

    /sbin/iptables-restore < /root/firewall.txt

    ..so it'll load that saved configuration on-boot.

  6. wwwhosts

    wwwhosts Well-Known Member

    Thanks for that, it set up the acctboth part with no rules.
    I don't have the file firewall.txt in /root and can't find it on my system.

    Any idea where it might be?

    #6 wwwhosts, Jul 13, 2003
    Last edited: Jul 13, 2003
  7. wwwhosts

    wwwhosts Well-Known Member

    I see it's created firewall.txt in root, which is identical to /etc/sysconfig/iptables (with no rules for acctboth).

    Can someone give me a working copy of the acctboth rules please? :D

  8. Website Rob

    Website Rob Well-Known Member

    I too, would be interested in finding out more on the 'acctboth' rule. Although the flushing is good, that particular rule does appear to grow enormous -- was at 742MB before the flush.

    Spoke too soon,

    /sbin/iptables -F acctboth
    /sbin/iptables --flush acctboth
    /sbin/iptables -LZ acctboth

    didn't reset to zero?
     
    #8 Website Rob, Jul 14, 2003
    Last edited: Jul 14, 2003
  9. wwwhosts

    wwwhosts Well-Known Member

    Wow, that seems ridiculous :eek:

    Maybe I won't use that rule after all, bandwidth is still being recorded and it seems correct :rolleyes:

  10. Website Rob

    Website Rob Well-Known Member

    Ridiculous compared to what?

    /sbin/iptables -L INPUT -v

    What does the second column from the left (bytes) show on yours, for acctboth?

  11. wwwhosts

    wwwhosts Well-Known Member

    197M

  12. NiteStalker22

    NiteStalker22 Active Member

    Mmmhmm.. quite pointless to even bother with acctboth at all. . .

    It slows the firewall down immensely.. so I'd advise against keeping many rules in there.


  13. NiteStalker22

    NiteStalker22 Active Member

    You don't -need- any. ;)
