FYI Problem with ./add-ip

unsichtbarre

Member
Joined
May 17, 2009
Messages
116
Reaction score
2
Hi Everyone!

I have run ./add-ip to whitelist a few IPs necessary for my system and a couple of things happen, but the IP is not whitelisted.
Code:
[email protected]:~#./add-ip 1234 8.8.8.8
The following services are available for activation with 8.8.8.8:
0 - ALL Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - t*f*t*p
8 - SSH
9 - FOP
Enter the services desired by number. Separate entries with commas.
For example: 1,4 would activate standard UDP SIP plus web access.

0

The following whitelisted services were requested for 8.8.8.8:
ALL Services
ln: failed to create symbolic link '/usr/sbin/iptables': File exists
IP address successfully added to WhiteList.

To display current iptables rules in effect for this IP address,  press Enter.
The following iptables rules now are in effect for 8.8.8.8:
ACCEPT     all  --  8.8.8.8              0.0.0.0/0
[email protected]:~#
Moreover, a file is created "1234.iptables" but it is completely blank!

Ubuntu 18.04 - upcloud - build based off of: http://nerdvittles.com/?p=25930

Any help appreciated!
THX
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,136
Reaction score
2,627
The blank 1234.iptables is correct. The following entry tells me it is, in fact, whitelisted since that data is pulled from iptables -nL:
Code:
ACCEPT     all  --  8.8.8.8              0.0.0.0/0
 

unsichtbarre

Whitelist does not seem to be working. I built at home and whitelisted my office during the build, and can't get in from my office. I went home again, presuming it was my mistake and did it again, then for another IP at my office, and neither can get in.

My office is: 89.116.249.253 and, at minimum, cannot access 80 & 443

Oddly, my home (89.116.249.199) can access everything

Code:
[email protected]:~# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x10/0x10
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED
ACCEPT     all  --  127.0.0.0/8          0.0.0.0/0
ACCEPT     all  --  10.0.0.0/8           0.0.0.0/0
ACCEPT     all  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     all  --  172.16.0.0/12        0.0.0.0/0
ACCEPT     all  --  65.117.249.199       0.0.0.0/0
ACCEPT     all  --  152.44.37.182        0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53 dpts:9999:65535
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:113
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32976
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4445
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5353
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000
<<lines removed>>
ACCEPT     all  --  35.156.192.164       0.0.0.0/0
ACCEPT     all  --  50.17.48.216         0.0.0.0/0
ACCEPT     all  --  52.60.138.31         0.0.0.0/0
ACCEPT     all  --  52.8.201.128         0.0.0.0/0
ACCEPT     all  --  52.41.52.34          0.0.0.0/0
ACCEPT     udp  --  207.239.159.171      0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  38.130.255.68        0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  207.239.159.171      0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  173.246.36.196       0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  207.239.159.171      0.0.0.0/0            udp dpts:5060:5069
ACCEPT     all  --  152.44.37.118        0.0.0.0/0
ACCEPT     udp  --  89.117.249.253       0.0.0.0/0            udp dpts:5060:5069
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            tcp dpts:5060:5069
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            multiport dports 80,9080
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            tcp dpt:9001
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            tcp dpt:21
ACCEPT     udp  --  89.117.249.253       0.0.0.0/0            udp dpt:69
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            multiport dports 22,9022
ACCEPT     all  --  8.8.8.8              0.0.0.0/0
ACCEPT     all  --  89.117.249.253       0.0.0.0/0
ACCEPT     all  --  89.116.249.253       0.0.0.0/0
ACCEPT     all  --  64.2.142.187         0.0.0.0/0
ACCEPT     all  --  64.2.142.215         0.0.0.0/0
ACCEPT     all  --  64.2.142.190         0.0.0.0/0
ACCEPT     all  --  64.2.142.17          0.0.0.0/0
ACCEPT     all  --  64.2.142.216         0.0.0.0/0
ACCEPT     all  --  64.2.142.111         0.0.0.0/0
ACCEPT     all  --  64.2.142.87          0.0.0.0/0
ACCEPT     all  --  64.2.142.109         0.0.0.0/0
ACCEPT     all  --  64.2.142.188         0.0.0.0/0
ACCEPT     all  --  64.2.142.106         0.0.0.0/0
ACCEPT     all  --  64.2.142.189         0.0.0.0/0
ACCEPT     all  --  64.2.142.107         0.0.0.0/0
ACCEPT     all  --  64.2.142.9           0.0.0.0/0
ACCEPT     all  --  66.241.99.194        0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[email protected]:~#
 

unsichtbarre

Thanks for the assist. service iptables restart seems to have gotten things going. Should I be concerned with this:
Code:
The following whitelisted services were requested for 65.117.249.5:
ALL Services
ln: failed to create symbolic link '/usr/sbin/iptables': File exists
IP address successfully added to WhiteList.
 

wardmundy

Not a concern with link failure. BUT... you need to use iptables-restart or portions of the IPtables whitelist won't get loaded AND fail2ban won't be started.
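
Added example (not part of the thread and not the add-ip script's own code): a small Python parser that reads `iptables -nL` output like the listing posted above and reports which INPUT rule decides a new connection from a given source to a given port. It assumes plain source addresses and unrestricted destinations; the sample listing, its addresses and the function name `decide` are constructed for this illustration.

```python
import ipaddress
import re

# Constructed listing in `iptables -nL` format; addresses are documentation ranges.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state ESTABLISHED
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2000
ACCEPT     udp  --  198.51.100.7         0.0.0.0/0            udp dpts:5060:5069
ACCEPT     tcp  --  198.51.100.7         0.0.0.0/0            multiport dports 80,9080
ACCEPT     all  --  203.0.113.9          0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

def decide(listing, src, proto, dport):
    """First-match verdict for a NEW inbound connection: (verdict, rule, ambiguous)."""
    ip, policy, in_input, ambiguous = ipaddress.ip_address(src), "ACCEPT", False, []
    for line in listing.splitlines():
        chain = re.match(r"Chain (\S+)(?: \(policy (\w+))?", line)
        if chain:
            in_input = chain.group(1) == "INPUT"
            policy = chain.group(2) if in_input and chain.group(2) else policy
            continue
        f = line.split(None, 5)
        if not in_input or len(f) < 5 or f[0] not in ("ACCEPT", "DROP", "REJECT"):
            continue
        target, prot, source, opts = f[0], f[1], f[3], (f[5] if len(f) > 5 else "")
        if prot not in ("all", proto) or ip not in ipaddress.ip_network(source, strict=False):
            continue
        # Simplification: rules with match options other than destination ports
        # (state, flags, spt, icmptype) are skipped for a fresh connection attempt.
        if re.sub(r"\b(?:tcp|udp|multiport)\b|dpts?:\S+|dports \S+", "", opts).strip():
            continue
        if target == "ACCEPT" and source == "0.0.0.0/0" and prot == "all" and not opts:
            ambiguous.append(line.strip())  # -L without -v hides -i/-o (e.g. "-i lo")
            continue
        m = re.search(r"dpts?:(\S+)|dports (\S+)", opts)
        spans = [p.partition(":") for p in (m.group(1) or m.group(2)).split(",")] if m else []
        if not m or any(int(lo) <= dport <= int(hi or lo) for lo, _, hi in spans):
            return target, line.strip(), ambiguous
    return policy, "chain policy", ambiguous

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.9"):
        print(src, "tcp/443 ->", decide(SAMPLE, src, "tcp", 443)[:2])
```

Rules that `-nL` shows as an unqualified any-to-any ACCEPT are returned as ambiguous rather than treated as a match, because the interface columns only appear with `iptables -nvL` or `iptables -S`.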
 
