Why does ACCEPT all for all destinations in iptables not allow port 8445?
I have a test server which has the following IPtables configuration:
[root@rhel64 /]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
When I tried to access an application listening on port 8445, it was rejected. Once I added a rule to specifically allow tcp traffic to 8445, then I could access it. My question is why does the above configuration not allow port 8445 by default if I have the rule “ACCEPT all — anywhere anywhere”?
Because of a long-standing design flaw with the iptables -L/--list command. The complete firewall rule is not shown unless you use the -v/--verbose option. Once you do this, you will see that that rule accepts all traffic – on the lo interface!
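The verbose listing the answer points to, as an added example that is not part of the original thread: a small POSIX shell audit that reads the output of iptables -nvL INPUT (a constructed sample mirroring the question's rules is embedded; -n suppresses name resolution, so "anywhere" appears as 0.0.0.0/0) and reports the input interface of every blanket ACCEPT rule, flagging any bound to "*" (any interface) rather than to a specific one such as lo. Function names and packet counters are my own.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvL INPUT` output, mirroring the rules in the
# question; the pkts/bytes counters are made up. Not the asker's real output.
SAMPLE_VERBOSE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   42  3360 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
   10   600 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Columns of the verbose listing: pkts bytes target prot opt in out source destination [matches...]
# Print the "in" interface of every ACCEPT rule that matches all protocols from any
# source to any destination with no further match (NF == 9 means no trailing
# "state ..." or "tcp dpt:..." fields). Reads the listing on stdin.
accept_all_rules() {
    awk 'NR > 2 && $3 == "ACCEPT" && $4 == "all" && $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9 { print $6 }'
}

# Return 0 when every blanket ACCEPT is tied to a specific input interface,
# 1 when one is bound to "*", i.e. would accept everything on every interface.
check_blanket_accepts() {
    bad=$(accept_all_rules | awk '$1 == "*"')
    if [ -n "$bad" ]; then
        echo "unrestricted ACCEPT-all rule present (in=*)"
        return 1
    fi
    return 0
}

# Run against the constructed sample; on a live host replace the printf with:
#   iptables -nvL INPUT | accept_all_rules
printf '%s\n' "$SAMPLE_VERBOSE" | accept_all_rules
printf '%s\n' "$SAMPLE_VERBOSE" | check_blanket_accepts && echo "OK: blanket ACCEPT limited to a named interface"
```

The plain iptables -L output in the question shows the same rule as "ACCEPT all -- anywhere anywhere" with no interface column at all, which is exactly the information this audit depends on.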