Results 1 to 6 of 6

Thread: iptables rules auto adding?!

  1. #1
    Join Date
    Mar 2009
    Posts
    137

    Default iptables rules auto adding?!

    Hey guys

    ok i found out the problem of the droping packets on my servers and for somereason somethings adding rules to my iptables firewall which tells it to DROP packets from it, if i use webmin and get rid of the rules all works perfectly again, but about 10mins later it will be back causing problems again

    does anyone have any idea why it would happen?

  2. #2
    Join Date
    Mar 2009
    Posts
    137

    Default

    this is the one it adds
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    DROP 0 -- spambox.webtastix.co.nz anywhere

    and

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    DROP 0 -- spambox.webtastix.co.nz anywhere

  3. #3
    Join Date
    Jun 2008
    Posts
    232

    Default

    Sounds like a program that is monitoring your tcpip traffic is getting tripped and implementing blocks.

    I use fail2ban for this purpose, but I don't know what you're using.

    Given that this is an unmanaged service, whatever it is, it's almost guaranteed to be something that you installed (knowingly or otherwise )

    What's the OS? [Debian forum, doh!] What apps are installed?
    Last edited by chriss; 02-12-2010 at 08:38 AM. Reason: Will learn to associate one day...

  4. #4
    Join Date
    Mar 2009
    Posts
    137

    Default

    lol thanks for that, after you said that i had a look and it seems to be ossec thats doing it as i found the log and its done it alot...

    does anyone around here know how to add an exclusion for ossec active-responses? google isnt helping

  5. #5
    Join Date
    Jun 2008
    Posts
    232

  6. #6
    Join Date
    Mar 2009
    Posts
    137

    Default

    thanks alot chriss
    thats exactly what i was looking for

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •