Unable to access server over HTTP after editing iptables rules [closed]

0 votes
Asked by user: (140 points)

I have a server that I want to secure using the iptables firewall. First, I changed the default SSH access port in /etc/ssh/sshd_config to 5987; next, I created a shell script containing my iptables rules:

#!/bin/sh

#On flush
iptables -F

#Politics
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP

#Established Connection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#SSH
iptables -A INPUT -p tcp --dport 5987 -j ACCEPT

#SMTP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT

#POP
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT

#IMAPS
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT

#FTP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

#HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT


#NGINX
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT

#BACKEND
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3000 -j ACCEPT

#COMLOGIA
iptables -A INPUT -p tcp --dport 4000 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 4000 -j ACCEPT

I tried to block any access to my server except over HTTP on ports 80 and 8080, SSH on 5987, FTP, POP & IMAPS (sending emails), and ports 3000 & 4000 (nodejs apps). After running this script, I am unable to access my web server over HTTP (ipaddress:80).

Note: I am using docker-compose to run a multi-container app.
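
An added static check, not part of the original question: it parses an abridged copy of the script above and reports filter-table chains left with policy DROP and no ACCEPT rule. It assumes the docker-compose services publish their ports through Docker's default bridge networking, where incoming packets are DNATed to the container and traverse FORWARD rather than INPUT; `audit` and `dead_chains` are names invented for this example.

```python
import shlex

# Abridged copy of the question's script (excerpt assembled for this example).
RULES = """\
iptables -F
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p tcp --dport 5987 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
"""

def audit(script):
    """Model the filter table after the script runs: policies, ACCEPT counts, full flush."""
    policy = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT", "FORWARD": "ACCEPT"}
    accepts = dict.fromkeys(policy, 0)
    flushed_all = False
    for line in script.splitlines():
        args = shlex.split(line, comments=True)  # drops shell comments
        if not args or args[0] != "iptables":
            continue
        if "-t" in args[:-1]:
            i = args.index("-t")
            if args[i + 1] != "filter":
                continue  # nat/mangle/raw rules do not change filter verdicts
            del args[i:i + 2]
        if args[1:] == ["-F"]:  # bare flush: every chain in the table is emptied
            flushed_all = True
            accepts = dict.fromkeys(policy, 0)
        elif len(args) >= 4 and args[1] == "-P" and args[2] in policy:
            policy[args[2]] = args[3]
        elif len(args) >= 3 and args[1] in ("-A", "-I") and args[2] in policy:
            if "-j" in args[:-1] and args[args.index("-j") + 1] == "ACCEPT":
                accepts[args[2]] += 1
    return policy, accepts, flushed_all

def dead_chains(script):
    """Chains that drop everything: policy DROP and not a single ACCEPT rule."""
    policy, accepts, _ = audit(script)
    return sorted(c for c in policy if policy[c] == "DROP" and accepts[c] == 0)

if __name__ == "__main__":
    print("full flush of filter table:", audit(RULES)[2])
    print("chains that drop all traffic:", dead_chains(RULES))
```

On the posted rules this reports FORWARD, and under the stated assumption the bare `iptables -F` has also emptied the FORWARD and DOCKER chains that Docker populated at startup.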
