1

Here is the output of iptables -L -v in Ubuntu 22.04:

https://pastebin.ubuntu.com/p/47ysNrXCcN/

Chain DENYIN (1 references)
 pkts bytes target     prot opt in     out     source               destination
  276 14576 DROP       all  --  !lo    any     sylnat-27.147.226.250.link3.net  anywhere

Chain DENYOUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOGDROPOUT  all  --  any    !lo     anywhere             sylnat-27.1

If I write:

iptables -D INPUT -s sylnat-27.147.226.250.link3.net -j DROP

The output is: iptables v1.8.7 (nf_tables): host/network sylnat-27.147.226.250.link3.net' not found

If I write:

iptables -D INPUT -s 27.147.226.250 -j DROP

The output is: iptables: Bad rule (does a matching rule exist in that chain?).

2
  • 1
    iptables -F DENYIN, iptables -F DENYOUT, iptables -X DENYIN and iptables -X DENYOUT ... In that order to delete those two chains.
    – Raffa
    Commented Aug 18, 2023 at 8:55
  • 1
    Of course you'll need to delete rules referring to those chains first … Then start clean by first allowing your IP and then dropping/rejecting anything else … Rule order matters … Is that what you’re trying to achieve?
    – Raffa
    Commented Aug 18, 2023 at 11:01

1 Answer 1

2

Whatever I write below can never be enough for you to know all you need regarding iptables ... So please read the manual for options and research the internet for the concepts.

It appears that you don't know what you are doing as you don't seem to know what rules actually exist on your system and you don't seem to know the difference between a rule and a chain of rules ... Therefore I would suggest that you remove all existing user rules and start correctly from a clean state.

Your system has two chains of rules that are not empty that I suggest you remove in order to reach a clean state that you actually know and control ... Please, see this demonstration:

$ sudo iptables -N MY_CHAIN
$ sudo iptables -A MY_CHAIN ! -i lo ! -o lo -j REJECT
$ sudo iptables -A INPUT -j MY_CHAIN
$ sudo iptables -A OUTPUT -j MY_CHAIN

... that will block (REJECT packets) all inbound and outbound traffic on all interfaces except the loopback interface, which is needed for some important applications on your system to work correctly.

The rules are nested in a chain:

$ sudo iptables -vL MY_CHAIN
Chain MY_CHAIN (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 1457  142K REJECT     all  --  !lo    !lo     anywhere             anywhere             reject-with icmp-port-unreachable

... (2 references) means that two rules are referring to this chain ... You need to find them and delete them first before you can delete the chain ... Find them with something like:

$ sudo iptables -S | grep MY_CHAIN
-N MY_CHAIN
-A INPUT -j MY_CHAIN
-A OUTPUT -j MY_CHAIN
-A MY_CHAIN ! -i lo ! -o lo -j REJECT --reject-with icmp-port-unreachable

... Delete the two rules:

$ sudo iptables -D INPUT -j MY_CHAIN
$ sudo iptables -D OUTPUT -j MY_CHAIN

... Confirm the chain is now empty:

$ sudo iptables -vL MY_CHAIN
Chain MY_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination         
 4740  434K REJECT     all  --  !lo    !lo     anywhere             anywhere             reject-with icmp-port-unreachable

... Flush the chain from the kernel's tables:

$ sudo iptables -F MY_CHAIN

... Delete the now empty chain:

$ sudo iptables -X MY_CHAIN

Do that for the two user chains your system has.

Now decide what you want ... You appear to want to allow connections from and to your IP 27.147.226.250 and block the rest excluding the loopback interface ... If that's what you want, then it can be done in many ways ... I will however demonstrate a way of doing that which I think is straightforward and easy to understand ... That is:

$ sudo iptables -A INPUT -s 27.147.226.250 -j ACCEPT
$ sudo iptables -A OUTPUT -d 27.147.226.250 -j ACCEPT
$ sudo iptables -A INPUT ! -i lo -j REJECT
$ sudo iptables -A OUTPUT ! -o lo -j REJECT

Notice that the order of the rules is important as rules are evaluated in order starting from the first, and therefore you must allow your IP's traffic before blocking all other traffic.

1
  • 1
    Thanks for the advice. Commented Aug 21, 2023 at 15:54
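
The procedure in the answer (find the rules that jump to a user chain, delete them, flush the chain, delete the chain) and the question's second error (`-D INPUT -s 27.147.226.250 -j DROP` fails because the DROP rule lives in the DENYIN chain, not INPUT, and carries `! -i lo`, so no rule in INPUT matches that exact spec) can both be worked out from `iptables -S` output before touching the kernel. The script below is an added example, not code from the answerer or from the iptables project: it reads saved `iptables -S` text from standard input and only prints the commands to run, so an administrator can review the plan and then feed it to `sudo sh`. The rule listing embedded in it is constructed to resemble the question's firewall; the `-N LOGDROPOUT` line and the `/32` suffix follow the way `iptables -S` prints user chains and single hosts.

```shell
#!/bin/sh
# Added example: plan the removal of a user chain, and locate every rule that
# names a host, from saved "iptables -S" output. Nothing here calls iptables;
# the output is a list of commands to review and run afterwards.
#
# Usage on a real system:
#   sudo iptables -S > rules.txt
#   plan_chain_removal DENYIN < rules.txt
#   find_host_rules 27.147.226.250 < rules.txt

# Print, in the order the answer prescribes, the commands that remove chain $1:
# delete every rule in another chain that jumps to it, flush it, then delete it.
plan_chain_removal() {
    awk -v chain="$1" '
        # "-A OTHER ... -j CHAIN" is a rule in another chain referencing CHAIN
        $1 == "-A" && $2 != chain {
            for (i = 3; i <= NF; i++)
                if ($i == "-j" && $(i + 1) == chain) {
                    sub(/^-A /, "-D ")     # same rule spec, delete instead of append
                    print "iptables " $0
                    break
                }
        }
        END {
            print "iptables -F " chain    # flush the rules inside the chain
            print "iptables -X " chain    # delete the now empty, unreferenced chain
        }
    '
}

# Print the exact "-D" form of every rule whose source or destination is host $1,
# naming the chain it actually lives in ("iptables -S" prints hosts as IP/32).
find_host_rules() {
    awk -v host="$1/32" '
        $1 == "-A" {
            for (i = 3; i <= NF; i++)
                if (($i == "-s" || $i == "-d") && $(i + 1) == host) {
                    sub(/^-A /, "-D ")
                    print "iptables " $0
                    break
                }
        }
    '
}

# Constructed sample in the shape of the question's listing (not real output).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DENYIN
-N DENYOUT
-N LOGDROPOUT
-A INPUT -j DENYIN
-A OUTPUT -j DENYOUT
-A DENYIN ! -i lo -s 27.147.226.250/32 -j DROP
-A DENYOUT ! -o lo -d 27.147.226.250/32 -j LOGDROPOUT'

# Helpers that run the two functions over the constructed sample.
demo_plan() { printf '%s\n' "$SAMPLE_RULES" | plan_chain_removal "$1"; }
demo_find() { printf '%s\n' "$SAMPLE_RULES" | find_host_rules "$1"; }

echo "# removal plan for DENYIN:"
demo_plan DENYIN
echo "# rules naming 27.147.226.250 (note the chain and the ! -i lo / ! -o lo):"
demo_find 27.147.226.250
```

Running it against the sample prints `iptables -D INPUT -j DENYIN`, `iptables -F DENYIN`, `iptables -X DENYIN` for the removal plan, and shows that the only rule dropping 27.147.226.250 is `-D DENYIN ! -i lo -s 27.147.226.250/32 -j DROP`, which is why deleting it through `-D INPUT` reports "Bad rule". Repeat `plan_chain_removal` for DENYOUT to reach the clean state the answer recommends.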
