Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
Konstantin Khairov2016-12-14 16:58:10
linux
Konstantin Khairov, 2016-12-14 16:58:10

Iptables not working?

Hello everyone, Linux does not work. There is a site created for the internal network of my country, but it is also connected and access from the outside (World) I want to limit it and add some white list of IP of my country that I have access to. added to iptables

# Generated by iptables-save v1.4.7 on Wed Dec 14 18:51:21 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:vesta - [0:0]
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban- VESTA
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 83.69.138.187/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p udp -m udp --dport 27016 -j ACCEPT
-A INPUT -s 66.249.92.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 66.249.91.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT - s 66.249.90.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 209.85.238.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 72.14.199.0 /24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 66.249.64.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.208.60.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 217.30.160.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 217.29.112.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 217.12.80.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 213.230.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 213.206.32.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.88.214.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT - s 195.69.188.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.238.104.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.211.180.0 /22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 195.158.0.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 193.27.206.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 188.113.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.93.124.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.8.212.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.78.136.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.74.100.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.74.4.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT - s 185.63.224.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.6.40.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.4.160.0 /22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.163.24.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.149.8.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 185.139.136.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 178.218.200.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 178.216.128.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 109.207.240.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 94.230.224.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 94.158.48.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT - s 94.141.64.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.240.12.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.234.218.0 /23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.231.56.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.160.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.164.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.160.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.229.164.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.227.14.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.213.31.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.213.248.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT - s 91.212.89.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.212.180.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.211.4.0 /22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.204.236.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.203.172.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.196.76.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 91.188.128.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 89.236.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 89.146.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 87.237.232.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 84.54.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT - s 83.69.128.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 82.215.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 81.95.224.0 /20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 80.80.208.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 77.220.192.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 62.209.128.0/19 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 46.255.64.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 46.227.120.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 37.110.208.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 31.40.28.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 31.40.24.0/22 ​​-p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT - s 31.135.208.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21.12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -d 83.69.138.187/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -d 83.69.138.187/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A fail2ban-MAIL -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
COMMIT
# Completed on Wed Dec 14 18:51:21 2016

(Not the whole file, but only the part where the permissions for the ip and subnet of my country are registered)
But everyone still has access, how can I fix this? Preferably through the Vesta panel, because when I save directly to iptables via SSH, everything seems to be saved, but after restarting this line is not there. help me please

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
B
b1den, 2016-12-14
@b1den

-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

Report
C
CityCat4, 2016-12-14
@CityCat4

I can advise man ipset - and this giant list of addresses will migrate into it, and the rule will shrink to exactly one :)

Similar questions
C
crdrads2018-12-10 21:31:08
Why is it said that clip and mask are better for SVG than native CSS? 6Reply
O
OKNOZA2015-06-21 23:31:05
Can I not use NodeJS templating engine? 7Reply
K
krlljs2014-05-19 20:51:15
How to connect phpDocumentor via composer? 1Reply
I
Ivan2016-06-25 13:13:22
How to make call to mobile from linux command line? 1Reply
N
Nikolay2014-05-20 12:07:02
How to enter text from PHP into MySQL database in capital letters? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question