[ale] iptables ruleset blocks external traffic... OUTPUT policy is ACCEPT

Adrya Stembridge adrya.stembridge at gmail.com
Fri May 16 09:38:42 EDT 2014


My previous INPUT policy was ACCEPT. I'm attempting to limit access to a
machine to specific subnets (4.3.2.0/24), so I added a couple of rules for
that (including one to allow LDAP traffic over port 636), then set the
INPUT policy to DROP. From that point on I can't access any external
content. The OUTPUT policy is ACCEPT. If I change the INPUT policy
back to ACCEPT, I can again access external content.

Here's the ruleset:

Chain INPUT (policy DROP 461 packets, 81259 bytes)
num   pkts bytes target       prot opt in     out     source               destination
1    11835 1095K fail2ban-SSH tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    2972K 1083M ACCEPT       all  --  *      *       4.3.2.0/24           0.0.0.0/0
3        0     0 ACCEPT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:636
4    3747K  436M ACCEPT       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target       prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 89676 packets, 26M bytes)
num   pkts bytes target       prot opt in     out     source               destination

Chain fail2ban-SSH (1 references)
num   pkts bytes target       prot opt in     out     source               destination
1    11776 1092K RETURN       all  --  *      *       0.0.0.0/0            0.0.0.0/0


Any idea what in here could be causing the holdup?
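As an added diagnostic helper, not part of the original post: a POSIX shell script that parses an `iptables -L -n -v --line-numbers` listing (the embedded sample is constructed from the ruleset above) and reports, per chain, the policy and whether any ACCEPT rule covers loopback or RELATED,ESTABLISHED traffic. A DROP-policy chain with no loopback accept is one of the first things to check, because services reached via 127.0.0.1 (a local resolver, for instance) are then blocked.

```shell
# Constructed sample, reproducing the ruleset pasted in the post (FORWARD omitted).
SAMPLE_RULESET='Chain INPUT (policy DROP 461 packets, 81259 bytes)
num   pkts bytes target       prot opt in     out     source               destination
1    11835 1095K fail2ban-SSH tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    2972K 1083M ACCEPT       all  --  *      *       4.3.2.0/24           0.0.0.0/0
3        0     0 ACCEPT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:636
4    3747K  436M ACCEPT       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 89676 packets, 26M bytes)
num   pkts bytes target       prot opt in     out     source               destination

Chain fail2ban-SSH (1 references)
num   pkts bytes target       prot opt in     out     source               destination
1    11776 1092K RETURN       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Reads a listing on stdin and prints one line per chain:
#   <chain> <policy> lo=<yes|no> established=<yes|no>
# Columns with --line-numbers: num pkts bytes target prot opt in out source destination [match...]
audit_chains() {
    awk '
    function flush() {
        if (chain != "")
            print chain, pol, "lo=" (lo ? "yes" : "no"), "established=" (est ? "yes" : "no")
    }
    /^Chain / {
        flush()
        chain = $2
        pol = ($3 == "(policy") ? $4 : "user-defined"   # user-defined chains have no policy
        lo = 0; est = 0
        next
    }
    /^num / { next }                                     # column header line
    NF >= 10 && $4 == "ACCEPT" {
        if ($7 == "lo") lo = 1                           # rule matches -i lo
        if ($0 ~ /RELATED,ESTABLISHED/) est = 1          # conntrack/state reply rule
    }
    END { flush() }'
}

# Chains whose policy is DROP but which accept nothing on lo: traffic to
# services bound to 127.0.0.1 is dropped by the policy in such a chain.
flag_drop_chains() {
    audit_chains | awk '$2 == "DROP" && $3 == "lo=no" { print $1 }'
}

printf '%s\n' "$SAMPLE_RULESET" | audit_chains
printf '%s\n' "$SAMPLE_RULESET" | flag_drop_chains
```

On a live host, replace the sample with `iptables -L -n -v --line-numbers | audit_chains`.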