I recently bought a new KVM/VPS. Once I installed OpenResty (an nginx fork) and ran it, my server was not accepting incoming connections on the test port 8080.
I managed to solve the issue by adding port 8080 to the allowed rules:
iptables -I INPUT -p tcp --dport 8080 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p tcp --sport 8080 -m conntrack --ctstate ESTABLISHED -j ACCEPT
But I still can't understand the default rules that come with my VPS:
 pkts bytes target              prot opt in  out  source     destination
 361K 1192M ACCEPT              all  --  *   *    0.0.0.0/0  0.0.0.0/0    ctstate RELATED,ESTABLISHED
    1    60 ACCEPT              all  --  lo  *    0.0.0.0/0  0.0.0.0/0
 464K   70M INPUT_direct        all  --  *   *    0.0.0.0/0  0.0.0.0/0
 464K   70M INPUT_ZONES_SOURCE  all  --  *   *    0.0.0.0/0  0.0.0.0/0
 464K   70M INPUT_ZONES         all  --  *   *    0.0.0.0/0  0.0.0.0/0
 1324 61332 DROP                all  --  *   *    0.0.0.0/0  0.0.0.0/0    ctstate INVALID
 458K   70M REJECT              all  --  *   *    0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited
Especially the last line, is it blocking all incoming traffic?
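Why the inserted rule was needed, as an added example that is not part of the original post: a small Python model of first-match evaluation over the INPUT listing above. It assumes the three sub-chains (INPUT_direct, INPUT_ZONES_SOURCE, INPUT_ZONES) match nothing for this packet; the packet fields, the interface name `eth0` and the chain policy are constructed.

```python
# Simplified first-match model of the INPUT chain listed in the question.
# Assumption: the sub-chains INPUT_direct, INPUT_ZONES_SOURCE and INPUT_ZONES
# hold no rule matching the packet, so evaluation returns to INPUT each time.

DEFAULT_INPUT = [
    # (target, match predicate), in the order shown by the listing
    ("ACCEPT", lambda p: p["ctstate"] in ("RELATED", "ESTABLISHED")),
    ("ACCEPT", lambda p: p["in"] == "lo"),
    ("INPUT_direct", lambda p: True),
    ("INPUT_ZONES_SOURCE", lambda p: True),
    ("INPUT_ZONES", lambda p: True),
    ("DROP", lambda p: p["ctstate"] == "INVALID"),
    ("REJECT", lambda p: True),  # catch-all: reject-with icmp-host-prohibited
]

# The rule the question adds for port 8080.
ALLOW_8080 = ("ACCEPT", lambda p: p["proto"] == "tcp" and p["dport"] == 8080
              and p["ctstate"] in ("NEW", "ESTABLISHED"))

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def verdict(chain, packet, policy="ACCEPT"):
    """Return (target, 1-based rule number) of the first terminating match.

    The policy default is an assumption; the listing does not show it and it
    is never reached while the catch-all REJECT is present.
    """
    for num, (target, match) in enumerate(chain, start=1):
        if match(packet) and target in TERMINATING:
            return target, num
        # A non-terminating target is a jump into an (assumed empty) sub-chain.
    return policy, None

def insert_rule(chain, rule):
    """Model of `iptables -I INPUT ...`: the rule goes to the top."""
    return [rule] + chain

def append_rule(chain, rule):
    """Model of `iptables -A INPUT ...`: the rule goes to the bottom."""
    return chain + [rule]

# Constructed sample packet: first SYN of a new connection to the test port.
SYN_8080 = {"proto": "tcp", "dport": 8080, "in": "eth0", "ctstate": "NEW"}

if __name__ == "__main__":
    print("default ruleset :", verdict(DEFAULT_INPUT, SYN_8080))
    print("after -I INPUT  :", verdict(insert_rule(DEFAULT_INPUT, ALLOW_8080), SYN_8080))
    print("after -A INPUT  :", verdict(append_rule(DEFAULT_INPUT, ALLOW_8080), SYN_8080))
```

In this model the same ACCEPT rule appended after the catch-all REJECT is never reached, while the inserted one matches first; replies on already established connections are accepted by rule 1 either way.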
Great explanation, I missed the rule-order part. +I agree with you about using DROP instead of REJECT, especially to block some small attacks. iptables is a great tool, but its commands are very primitive and it takes some time to tweak it well. Lastly, do you know a simple way to receive the connection message with command-line tools or via some language like C/PHP? – Salem F – 2019-02-09T22:16:13.363
Do you mean capture packets on the machine? If so, you can use a tool like tcpdump or ngrep. – nKn – 2019-02-11T08:50:26.653
I mean the reply message from the other machine, e.g. if I use curl it won't show me that message. I don't know tcpdump. – Salem F – 2019-03-01T22:24:42.190