Why does ACCEPT all for all destinations in iptables not allow port 8445?
Tags: linux, iptables, redhat, linux-networking
I have a test server which has the following IPtables configuration:
[root@rhel64 /]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
When I tried to access an application listening on port 8445, it was rejected. Once I added a rule to specifically allow tcp traffic to 8445, then I could access it. My question is why does the above configuration not allow port 8445 by default if I have the rule "ACCEPT all -- anywhere anywhere"?
Because of a long-standing design flaw with the --list command. The complete firewall rule is not shown unless you use the --verbose option. Once you do this, you will see that that rule accepts all traffic – on the
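One way to see why the third rule never matches traffic arriving on a real NIC is to replay the INPUT chain against the columns that --verbose exposes. The following is an added example, not code from the question or the answer: it parses a constructed `iptables -L INPUT -v -n` dump, assumes the catch-all ACCEPT is bound to the loopback interface `lo` (as in the stock RHEL 6 ruleset), and walks the chain first-match the way netfilter does, so the same port 8445 packet is accepted from `lo` but rejected from `eth0`.

```python
import re

# Constructed sample in the format of `iptables -L INPUT -v -n` (not the
# page's own output); assumption: the third rule is bound to the loopback
# interface, as in the stock RHEL 6 ruleset.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   10   800 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    7   420 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

def parse_chain(text):
    """Return (policy, rules); 'in' is the column that plain -L hides."""
    lines = text.strip().splitlines()
    policy = re.match(r"Chain \S+ \(policy (\w+)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:                   # skip the Chain and header lines
        f = line.split()
        extra = " ".join(f[9:])              # match extensions, if any
        state = re.search(r"state (\S+)", extra)
        dport = re.search(r"dpt:(\d+)", extra)
        rules.append({"target": f[2], "prot": f[3], "in": f[5],
                      "states": set(state.group(1).split(",")) if state else None,
                      "dport": int(dport.group(1)) if dport else None})
    return policy, rules

def matches(rule, pkt):
    """Apply the rule's protocol, input-interface, state and dport matches."""
    return ((rule["prot"] in ("all", pkt["prot"]))
            and (rule["in"] in ("*", pkt["in"]))
            and (rule["states"] is None or pkt["state"] in rule["states"])
            and (rule["dport"] is None or rule["dport"] == pkt.get("dport")))

def verdict(text, pkt):
    """First matching rule wins, as in netfilter; otherwise the chain policy."""
    policy, rules = parse_chain(text)
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule["target"], n
    return policy, None

def interface_bound_rules(text):
    """Rule numbers whose interface match is invisible without -v."""
    return [n for n, r in enumerate(parse_chain(text)[1], 1) if r["in"] != "*"]
```

Running `verdict(SAMPLE, {"prot": "tcp", "in": "eth0", "dport": 8445, "state": "NEW"})` returns `('REJECT', 5)`, while the same packet with `"in": "lo"` returns `('ACCEPT', 3)`; `interface_bound_rules(SAMPLE)` lists rule 3 as the one that `-L` renders misleadingly as "anywhere anywhere".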