Also, this just doesn't seem right, but I could be wrong:
Why is the 'reject' line in there with a 0/0 destination? Doesn't iptables get populated with every subnet from all of the block lists, or am I not comprehending what moblock does?

Code:
<stop moblock>
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

<start moblock>
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
blockcontrol_in  all  --  0.0.0.0/0            0.0.0.0/0            state NEW mark match !0x14

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
blockcontrol_fw  all  --  0.0.0.0/0            0.0.0.0/0            state NEW mark match !0x14

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
blockcontrol_out  all  --  0.0.0.0/0            0.0.0.0/0            state NEW mark match !0x14

Chain blockcontrol_fw (1 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            mark match 0xa
RETURN     all  --  0.0.0.0/0            10.11.12.254
RETURN     all  --  10.11.12.0/24        10.11.12.0/24
NFQUEUE    all  --  0.0.0.0/0            0.0.0.0/0            NFQUEUE num 92

Chain blockcontrol_in (1 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            mark match 0xa
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  10.11.12.0/24        0.0.0.0/0
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
NFQUEUE    all  --  0.0.0.0/0            0.0.0.0/0            NFQUEUE num 92

Chain blockcontrol_out (1 references)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            mark match 0xa reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            10.11.12.254
RETURN     all  --  0.0.0.0/0            10.11.12.0/24
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
NFQUEUE    all  --  0.0.0.0/0            0.0.0.0/0            NFQUEUE num 92
****
EDIT
****
I disabled the following lists and everything appears to be working ok now:
atma/atma
bluetack/bogon
tbg/bogon
I'm not sure what these lists are supposed to do, but they seem to be messing everything up.