Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : how config/remove iptables ?

[mixmox]

hello
our main server go down after ptable start
we have install csf and apf but nothing change also i have add all port we need like 80 and ... to iptable but nothing change and only "service iptables stop" can help us to make server up.

what should i do?
also when i check server concole via kvm this line show on : ip_table : (c) 2000-2006 netfilter core team
then i run service iptable sstop and ebvery thing go right and server going available for users

[Syslint]

You installed both csf and apf ? That is a bad idea . Please remove all firewall and install only one . CSF is a good iptable firewall script .

[ssfred]

Hello
Make sure the server is up through KVM and then ensure that your IP is not blocked by the firewall rules. Please remove all existing installations of firewall applications and then reinstall and configure CSF alone.

[lynxus]

Whats the output of the /etc/sysconfig/iptables file?
That is the file that those scripts will mess with..

Essentially for just port 80 & SSH from anywhere to your machine and dropping everything else would look like:

INPUT traffic.
-protocol = tcp
port = 80
new connection
accept.

-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
Means that anything already connected is allowed.

Code:

:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#
#
#
-A INPUT -p tcp -m tcp -m state --dport 80 --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 22 --state NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#
#
#
# DROP EVERYTHING ELSE
-A INPUT -j DROP
#
COMMIT

[brianoz]

Also make sure you don't run the iptables service with either CSF or APF - you can only run one of those 3 at once, they all use iptables.