mysqld 1011 mysql 12u IPv4 602 0t0 TCP localhost:mysql (LISTEN)
exim4 2001 Debian-exim 3u IPv4 11966 0t0 TCP localhost:smtp (LISTEN)
exim4 2001 Debian-exim 4u IPv6 11967 0t0 TCP localhost:smtp (LISTEN)
exim4 2001 Debian-exim 5u IPv4 11968 0t0 TCP :smtp (LISTEN)
sshd 960 root 4u IPv6 566 0t0 TCP *:ssh (LISTEN)

sudo lsof -i -s tcp:listen ( output as requested )

sshd 960 root 3u IPv4 564 0t0 TCP *:ssh (LISTEN)

systemd-udevd: renamed network interface eth0 to em1
IPv6: ADDRCONF(NETDEV_UP): em1: link is not ready

dmesg | grep eth0:
e1000e 0000:00:19.0 eth0: registered PHC clock

This is the only noticeable dmesg after boot, but it doesn't seem related as I'm on IP4, and besides, it works for 1 to 3 days.

-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 9312 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5900 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 4444 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
#-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9312 -j ACCEPT
-A INPUT -p udp -m udp --dport 5900 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
-A INPUT -p tcp -d 0/0 -s 0/0 --dport 5900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4444 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -m recent --update --seconds 90 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
:OUTPUT ACCEPT # <- not sure where this came from?

etc/nf ( not set by me, autoset if I understand correctly ):
nameserver XX.105.28.XX

# The following lines are desirable for IPv6 capable hosts

pre-up iptables-restore /etc/iptables.downrules

network-manager is not installed (I verified that too).

Flush & all ports are not open, just 22, 25 & 80.

iptables -S looks fine but for some reason is no longer honored. It worked fine for one to several days, then out of the blue, iptables became meaningless (I noticed FTP and such are down). I installed Ubuntu Server 64-bit 14.04 a week ago.