V
V
Vincent12022-03-04 22:24:30
Apache HTTP Server
Vincent1, 2022-03-04 22:24:30

Why does iptabes skip some http requests that should be DROP?

Apache log part

51.81.220.143, 51.81.220.143 - - [04/Mar/2022:19:22:31 +0300] "GET / HTTP/1.0" 503 1532 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0"
113.125.152.179 - - [04/Mar/2022:19:23:07 +0300] "GET / HTTP/1.0" 503 1532 "-" "Go-http-client/1.1"


what is in iptables for this ip
14   DROP       all  --  51.81.220.143        0.0.0.0/0
25872 DROP       all  --  51.81.220.0/24       0.0.0.0/0
25876 DROP       all  --  51.81.220.0/24       0.0.0.0/0
25886 DROP       all  --  51.81.220.0/24       0.0.0.0/0


iptables -S
spoiler
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-N fail2ban-FTP
-N fail2ban-MAIL
-N fail2ban-SSH
-N fail2ban-VESTA
-N fail2ban-WEB
-N vesta
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A f2b-sshd -s 167.71.88.134/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A fail2ban-FTP -s 119.185.70.151/32 -j DROP
-A fail2ban-FTP -s 118.250.130.14/32 -j DROP
-A fail2ban-FTP -s 125.114.45.174/32 -j DROP
-A fail2ban-FTP -s 125.114.46.177/32 -j DROP
-A fail2ban-FTP -s 61.164.95.246/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 60.219.149.26/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 59.56.54.172/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 59.33.205.75/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 49.79.66.98/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 41.39.105.82/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 39.128.219.42/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 27.157.53.143/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 223.88.52.5/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 223.150.94.156/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 221.201.184.72/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 220.176.196.214/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 180.95.173.131/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 175.5.28.108/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 175.174.249.31/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 167.71.88.134/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 165.231.67.76/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 124.235.95.34/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 120.228.199.98/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 116.237.219.102/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 116.114.239.162/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 116.0.1.138/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 113.72.123.29/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 113.72.120.12/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 113.227.196.2/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 110.152.103.163/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -s 1.189.240.53/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-FTP -j RETURN
-A fail2ban-MAIL -s 167.248.133.46/32 -j DROP
-A fail2ban-MAIL -s 70.34.244.102/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 66.240.192.138/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 45.91.22.22/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 194.169.217.65/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 167.94.138.45/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 167.94.138.44/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 167.71.88.134/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 167.248.133.60/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 162.142.125.221/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 162.142.125.213/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 138.36.134.228/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -j RETURN
-A fail2ban-SSH -s 167.71.88.134/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
-A fail2ban-WEB -s 51.81.220.143/32 -j DROP
-A fail2ban-WEB -s 51.81.220.0/24 -j DROP
-A fail2ban-WEB -s 18.156.136.0/24 -j DROP
-A fail2ban-WEB -s 187.89.173.0/24 -j DROP
-A fail2ban-WEB -s 37.209.243.0/24 -j DROP
-A fail2ban-WEB -s 115.96.142.0/24 -j DROP
-A fail2ban-WEB -s 127.210.181.0/24 -j DROP
-A fail2ban-WEB -s 0.141.52.0/24 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-WEB -s 18.221.2.35/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-WEB -j RETURN

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question