Konstantin Khairov, 2016-12-14 16:58:10
linux

Iptables not working?

Hello everyone. Linux is not working. There is a site made for the internal network of my country, but it is also connected to and accessible from outside (the world). I want to restrict it and add a whitelist of IPs from my country that have access. I added to iptables:

# Generated by iptables-save v1.4.7 on Wed Dec 14 18:51:21 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:vesta - [0:0]
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 83.69.138.187/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p udp -m udp --dport 27016 -j ACCEPT
-A INPUT -s 66.249.92.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 66.249.91.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 66.249.90.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 209.85.238.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 72.14.199.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 66.249.64.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.208.60.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 217.30.160.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 217.29.112.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 217.12.80.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 213.230.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 213.206.32.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.88.214.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.69.188.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.238.104.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.211.180.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.158.0.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 193.27.206.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 188.113.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.93.124.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.8.212.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.78.136.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.74.100.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.74.4.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.63.224.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.6.40.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.4.160.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.163.24.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.149.8.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.139.136.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 178.218.200.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 178.216.128.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 109.207.240.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 94.230.224.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 94.158.48.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 94.141.64.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.240.12.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.234.218.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.231.56.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.160.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.164.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.160.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.164.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.227.14.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.213.31.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.213.248.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.212.89.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.212.180.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.211.4.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.204.236.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.203.172.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.196.76.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.188.128.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 89.236.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 89.146.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 87.237.232.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 84.54.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 83.69.128.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 82.215.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 81.95.224.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 80.80.208.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 77.220.192.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 62.209.128.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 46.255.64.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 46.227.120.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 37.110.208.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 31.40.28.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 31.40.24.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 31.135.208.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -d 83.69.138.187/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -d 83.69.138.187/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A fail2ban-MAIL -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
COMMIT
# Completed on Wed Dec 14 18:51:21 2016

(Not the whole file, only the part where the permissions for the IPs and subnets of my country are set)
But everyone still has access. How can I fix this? Preferably through the Vesta panel, because when I save directly to iptables via SSH, everything seems to be saved, but after a restart this line is gone. Help me please.


2 answers
b1den, 2016-12-14

-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

CityCat4, 2016-12-14

I can suggest man ipset: this giant list of addresses will migrate into it, and the rule will shrink to exactly one :)
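The two answers point at the same ruleset, from opposite ends. The first one quotes the unconditional "-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT" from the dump: iptables evaluates INPUT first-match, so a client whose address is in none of the "-s ... --dport 80" rules simply falls through to that line and is accepted, which makes the whole whitelist dead weight. The second one says where the list should live. The script below, an added example that is not part of the question or of either answer, does both: it flags a catch-all port-80 ACCEPT in any ruleset you pipe into it, builds an ipset restore file for the country prefixes, and emits a filter table in which web ports are accepted only from that set. The set name country_web, the rule layout, and the three prefixes used as a stand-in for the full list are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the question or either answer). Generates an ipset
# and an iptables-restore fragment for a "web only from my country" policy,
# and checks a ruleset for the catch-all rule that defeats such a whitelist.
# Assumed names: set "country_web"; the three prefixes below are a constructed
# sample standing in for the full list from the question.

SET_NAME="country_web"
COUNTRY_NETS="83.69.128.0/19
84.54.64.0/18
213.230.64.0/18"

# Print every INPUT rule that ACCEPTs TCP port 80 from any source (no -s and
# no --match-set). Exit 0 if at least one was found, 1 otherwise. iptables is
# first-match, so one such rule makes every per-subnet ACCEPT for port 80
# irrelevant: non-whitelisted clients simply fall through to it.
find_catchall_web_accept() {
    awk '
        /^-A INPUT / && / -j ACCEPT/ && !/ -s / && !/--match-set/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), ports, ",")
                    for (k = 1; k <= n; k++) {
                        if (ports[k] == "80") { print; found = 1 }
                    }
                }
            }
        }
        END { exit found ? 0 : 1 }'
}

# Emit an `ipset restore` script: create the set (idempotently), empty it,
# then add each prefix. One hash:net set replaces the whole block of -s rules.
emit_ipset_restore() {
    printf 'create %s hash:net family inet -exist\n' "$SET_NAME"
    printf 'flush %s\n' "$SET_NAME"
    printf '%s\n' "$COUNTRY_NETS" | while read -r net; do
        if [ -n "$net" ]; then
            printf 'add %s %s -exist\n' "$SET_NAME" "$net"
        fi
    done
}

# Emit the filter table for iptables-restore. Web ports are accepted only when
# the source is in the set; there is deliberately no unconditional 80,443 rule.
emit_filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m set --match-set $SET_NAME src -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: show both generated files. Load order on the host matters:
#   ipset restore < country_web.ipset && iptables-restore < filter.rules
# because iptables-restore refuses a rule that references a set that does not
# exist yet.
emit_ipset_restore
echo
emit_filter_rules
```

Run the checker against the saved dump ("iptables-save | sh -c '. ./example.sh; find_catchall_web_accept'" style, or just paste the INPUT lines on stdin) before and after changing anything: it should print the offending line for the ruleset in the question and nothing for the generated one. Whatever mechanism writes the rules at boot has to restore the set before the filter table, since a "-m set --match-set" rule cannot be loaded while the set does not exist; that is also the place to look when rules added by hand over SSH disappear after a restart.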
