
(Solved) VestaCP firewall stops all Outwards DNS lookup -even apt-get update

mehargags Member
edited February 2015 in Help

I'm not well versed in iptables right now... I have set up VestaCP on a server and I made some "raw" rules there to block certain ports and allow some of them.

However, after this, all outward DNS lookups stop. I can't ping google.com, can't do apt-get update, and worst of all, exim can't resolve any domains to send mail to.

Can you suggest what should be added to my rules tables? Will I need to manually override it or set up the rule in my VestaCP firewall panel?

My _iptables -L -n_ shows

```
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
fail2ban-MAIL tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,2525,110,995,143,993
fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9562
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,2525
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3306,5432
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 110,995,143,993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9810
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2257
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- x.x.x.x 0.0.0.0/0
ACCEPT all -- y.y.y.y 0.0.0.0/0
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-MAIL (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ssh (0 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain vesta (0 references)
target prot opt source destination
```

Comments

This discussion has been closed.
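
Added example (not part of the original post or thread): a Python check that parses `iptables -L -n` output and reports which protocols have no stateful INPUT rule accepting reply packets when the chain policy is DROP. On an excerpt of the listing in the post it flags UDP, the protocol DNS replies to outbound lookups normally arrive on. The function names are hypothetical, and only unrestricted (any source, any destination) ESTABLISHED rules are considered.

```python
import re

# Excerpt of the INPUT chain from the post, in `iptables -L -n` format.
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

FIELDS = ("target", "prot", "opt", "src", "dst", "match")


def parse_chain(listing, chain):
    """Return (policy, rules) for one chain of `iptables -L -n` output."""
    policy, rules, inside = None, [], False
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if header:
            inside = header.group(1) == chain
            if inside:
                policy = header.group(2)
            continue
        parts = line.split(None, 5)
        if inside and len(parts) >= 5 and parts[0] != "target":
            parts += [""] * (6 - len(parts))  # rules without match options
            rules.append(dict(zip(FIELDS, parts)))
    return policy, rules


def replies_dropped(listing, protocols=("tcp", "udp", "icmp")):
    """Protocols whose replies to outbound traffic no INPUT rule accepts."""
    policy, rules = parse_chain(listing, "INPUT")
    if policy != "DROP":
        return []  # simplification: only default-DROP chains are analysed
    covered = set()
    for rule in rules:
        stateful = "ESTABLISHED" in rule["match"]  # state or ctstate match
        anywhere = rule["src"] == rule["dst"] == "0.0.0.0/0"
        if rule["target"] == "ACCEPT" and stateful and anywhere:
            covered.update(protocols if rule["prot"] == "all" else [rule["prot"]])
    return [p for p in protocols if p not in covered]


if __name__ == "__main__":
    print("reply traffic dropped for:", replies_dropped(LISTING))
```
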