Issue
Default iptables rules specified in the /etc/sysconfig/iptables file are applied on the system before the Imunify360 rules. This can make ports that are allowed in Imunify360 inaccessible.
Environment
- Imunify360
- iptables
- Any supported panel
- Any supported OS
Solution
Check whether the server uses a separate service, iptables.service, which loads its rules from the /etc/sysconfig/iptables file.
# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2022-02-10 16:26:01 -03; 17h ago
Main PID: 780 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
Feb 10 16:25:58 srv22.wcorp22.com systemd[1]: Starting IPv4 firewall with iptables...
Feb 10 16:26:01 srv22.wcorp22.com iptables.init[780]: iptables: Applying firewall rules: [ OK ]
Feb 10 16:26:01 srv22.wcorp22.com systemd[1]: Started IPv4 firewall with iptables.
If it does, the set of rules in this file should be reset. Imunify360 needs to be stopped beforehand.
# cp /etc/sysconfig/iptables /root/iptables.backup
# systemctl stop imunify360
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -F
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
# systemctl start imunify360
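Before flushing, it helps to see what the saved file blocks on its own. The following is an added example, not part of the original article or of Imunify360's tooling: the function names and the sample rules are constructed, and it assumes the file is in iptables-save format.

```sh
# Added example: audit an iptables-save style file (the format of
# /etc/sysconfig/iptables) for entries that block traffic on their own.

# Print chains whose default policy is not ACCEPT, e.g. "filter:INPUT=DROP".
# User-defined chains carry "-" as policy and are skipped.
restrictive_policies() {
    awk '/^[*]/ { table = substr($1, 2) }
         /^:/   { if ($2 != "ACCEPT" && $2 != "-")
                      print table ":" substr($1, 2) "=" $2 }' "$1"
}

# Count appended rules whose target (-j) is DROP or REJECT.
blocking_rule_count() {
    awk '/^-A / { for (i = 1; i < NF; i++)
                      if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT")) {
                          n++; break } }
         END    { print n + 0 }' "$1"
}

# Write a constructed sample rules file (not from a real server) to $1.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Report findings for file $1; return 0 only if nothing restrictive remains.
audit_rules_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    audit_pol=$(restrictive_policies "$1")
    audit_cnt=$(blocking_rule_count "$1")
    echo "non-ACCEPT policies: ${audit_pol:-none}"
    echo "DROP/REJECT rules:   $audit_cnt"
    [ -z "$audit_pol" ] && [ "$audit_cnt" -eq 0 ]
}
```

Source the file and run `audit_rules_file /etc/sysconfig/iptables` before and after the reset to see what the saved file still contains.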
Cause
A separate service applies rules when the server is started and this affects the handling of traffic in the iptables chains.