[CentOS] Strange behaviour of iptables in centos 7

Rob Kampen rkampen at kampensonline.com
Tue Mar 8 07:50:30 UTC 2016


On 03/08/2016 08:35 PM, anax wrote:
> Hi
> strange behaviour of iptables on a centos 7.0 machine:
> The following rule is in the iptables of said machine:
>
> [root at myserver ~]# iptables -L -v -n --line-numbers |grep 175\.
> 9        9   456 DROP       all  --  *      *       175.44.0.0/16        0.0.0.0/0
> [root at myserver ~]#
>
> The corresponding entry in /etc/sysconfig/iptables looks like:
>
> [root at myserver ~]# grep 175 /etc/sysconfig/iptables
> -A INPUT -s 175.44.0.0/16 -j DROP
> [root at myserver ~]#
>
> The rule must be there since ages, because it has number 9 out of 76 
> similar rules.
>
> Today, on the same machine (I rechecked it to make sure not to 
> confound machines), I see the following extract of the ftplog:
>
> <snip>
> 175.44.4.127    2915
> 175.44.26.128    2021
> 175.44.26.138    1322
> 175.44.6.186    1290
> 175.44.24.88    1219
> 175.44.4.199    1212
> </snip>
>
> saying that from these IP addresses there have been this many 
> connections to the ftp server on that machine during the last two 
> days, which means that the iptables haven't dropped the connections to 
> the machine. As far as I know, the ftp server is behind the iptables. 
> I also checked in man iptables whether the IP address is 
> represented correctly.
>
> What am I missing?
>
You mention iptables, but no mention of firewalld. They both use the 
same kernel mechanism, but it is important that both CANNOT be active!
If you configure and use firewalld you can run # iptables -L and see 
what is installed, however I have no idea if this exposes the entire set 
of firewall statements. Others who better understand this space, feel 
free to weigh in.
CentOS 7 has firewalld enabled by default, thus the choice to use 
iptables directly means that firewalld must be disabled.
HTH
> thanks in advance
>
> suomi
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
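A defender-side check for the mismatch described in the thread (a source range that a DROP rule should cover still showing up in the FTP log), added here as an example and not code from the list or from CentOS: it parses a saved `iptables -L -v -n --line-numbers` listing of the INPUT chain, walks the rules in order the way the kernel does, and reports for each logged source IP which rule would fire first. The listing and log lines are constructed (rule 9 copied from the post, the other rules and the 203.0.113.7 entry made up), rules are assumed to match on interface and source CIDR only (extra matches such as state or dport are ignored), and the traffic is assumed to arrive on eth0.

```python
"""Correlate FTP-log source IPs with a saved iptables INPUT-chain listing."""
import ipaddress
import re

# Constructed sample of `iptables -L -v -n --line-numbers` output for INPUT.
# Rule 9 is the one quoted in the post; rules 1 and 10 are made up for the example.
RULES_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
9        9   456 DROP       all  --  *      *       175.44.0.0/16        0.0.0.0/0
10       3   180 DROP       all  --  *      *       10.0.0.0/8           0.0.0.0/0
"""

# Constructed FTP-log summary in the post's "<ip> <connections>" form.
FTP_LOG = """\
175.44.4.127    2915
175.44.26.128    2021
203.0.113.7    4
"""

# num pkts bytes target prot opt in out source destination
RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\w+)\s+\S+\s+\S+\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)")

def parse_rules(listing):
    """Return [(num, pkts, target, in_iface, source_net)] in chain order."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m:
            num, pkts, _bytes, target, in_if, src, _dst = m.groups()
            rules.append((int(num), int(pkts), target, in_if, ipaddress.ip_network(src)))
    return rules

def first_match(rules, ip, iface="eth0"):
    """First rule whose input interface and source CIDR match; None means the chain policy applies."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        _num, _pkts, _target, in_if, net = rule
        if in_if in ("*", iface) and addr in net:
            return rule
    return None

def audit(listing, log):
    """Map each logged IP to (connections, first matching rule number, target or 'POLICY')."""
    rules = parse_rules(listing)
    result = {}
    for line in log.splitlines():
        ip, count = line.split()
        rule = first_match(rules, ip)
        result[ip] = (int(count), rule[0] if rule else None, rule[2] if rule else "POLICY")
    return result

if __name__ == "__main__":
    for ip, (count, num, target) in audit(RULES_LISTING, FTP_LOG).items():
        flag = "  <-- logged despite a DROP rule" if target == "DROP" and count else ""
        print(f"{ip:16} {count:5} connections, first match: rule {num} {target}{flag}")
```

An IP flagged by this check but still reaching the FTP daemon points at the rule set the kernel is actually running (for example one installed by firewalld) differing from the saved listing, which is the first thing to confirm with the running service.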
