Cannot print until I flush iptables

[The Cog]

You can use the command sudo iptables-save to see what the current rule set is. You can save this to a file to do before/after comparisons like this:

Code:

sudo iptables-save > before.txt
iptables-restore /etc/iptables/rules.v4
sudo iptables-save > after.txt

Of course, the contents of after.txt should match the contents of /etc/iptables/rules.v4 but you might want to check that too.

[TheFu]

meld is a handy tool to visually compare two text files.
If you are on a server without any GUI, use sdiff file1 file2 for a side-by-side diff.

People sometimes forget all the built-in text file and text processing tools that are built into every Unix-like OS. There must be 100+ text processing, comparison, tools on your system already.

This is partially why Unix people don't like using databases to store stuff. If the data is inside a text file, we can parse, slurp, re-order, sort, search, exclude, chop, swap, the data inside easily. Most of these things are easily handled with just a few tools "piped" together. More complex data can be handled with perl, python, ruby scripts that aren't too long.

[manorbarndavid2]

It would seem to be a problem with iptables-persistent. I checked the status, and it couldn't find the service. I tried to re-intstall, and it tells me the latest version is already installed. The netfilter-persistent service was active.

[SeijiSensei]

i don't see how we can really help if you don't post the complete ruleset.

Code:

sudo iptables -L -vn
sudo iptables -t nat -L -vn

[The Cog]

Are you using nftables instead of iptables? Does this command output anything?

Code:

sudo nft list ruleset

[manorbarndavid2]

It looks as though iptables-persistent might be the problem. I systemctl status and it told me it me the service was not found. I did apt install and that said it was already the latest version. netfilter-persistent service was active.

[manorbarndavid2]

Thank you I will try both of those

[The Cog]

It may be that your installation is using nftables rather than the legacy iptables, and therefore using iptables->nftables compatibility translation when you enter iptables commands. That would explain why nftables-persistent is running.
So I think it would be a good idea to create and compare files containing the output of "nftables list ruleset" and see if the difference is there.

Code:

sudo nftables list ruleset > nft-before.txt
sudo nftables list ruleset > nft-after.txt

I think (from memory) that the nftables rules are saved in /etc/nftables.conf.
You might also check to see whether package iptables-nftables-compat is installed:

Code:

apt search iptables-nftables-compat

[manorbarndavid2]

This is the iptables -L -vn at startup

Code:

Chain INPUT (policy ACCEPT 368 packets, 248K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  302  262K ACCEPT     all  --  enp4s0 *       194.35.233.140       0.0.0.0/0           
   33  6382 DROP       all  --  enp4s0 *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 438 packets, 49639 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  374 63409 ACCEPT     all  --  *      enp4s0  0.0.0.0/0            194.35.233.140      
  125 11893 DROP       all  --  *      enp4s0  0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

and this is the iptables -L -vn after restoring from /etc/iptables/rules.v4

Code:

Chain INPUT (policy ACCEPT 19 packets, 1877 bytes)  pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 18 packets, 2045 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

I tried to append the screen shot of Terminal entries but it won't let me post it

[The Cog]

Please use code tags when you paste code like that. It makes a big difference to readability, and preserves indentation which can be critical. While editing, click Go Advanced then you can highlight code and use the "#" button.

The OUTPUT chain before flushing is blocking all outgoing packets. That's wrong. I suggest that you edit /etc/iptables/rules.v4 and delete the lines that add those INPUT rules.

I'm not sure about the interaction between iptables and ufw, but I don't think the saved rules are what ufw would write. So I think you have a conflict between manually edited iptables rules and ufw generated rules. Hopefully someone more familiar with ufw can advise there.