iptables allow all:
iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT && iptables -t nat -F && iptables -t mangle -F && iptables -F && iptables -X
iptables-save > /etc/iptables/all_rules
iptables -C -INPUT -s 1.1.1.1 -j ACCEPT || iptables -A -INPUT -s 1.1.1.1 -j ACCEPT
The firewall on this server is blocking your connection
csf -df
Simulate delayed and dropped packets
iptables -A INPUT -m statistic --mode random --probability 0.01 -j DROP
rmmod nf_nat_ftp
rmmod nf_conntrack_ftp
modprobe nf_conntrack_ftp ports=21,1021
modprobe nf_nat_ftp
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.100:80
iptables -t nat -A POSTROUTING -j MASQUERADE
firewall-cmd --zone=public --add-masquerade
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -s xx.xx.xx.xx/32-p tcp -m multiport --dports 25,587,465 -j LOG --log-prefix "FORWARD:DROP:" --log-level 6
-A FORWARD -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 465 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 587 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 25 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 465 -j DROP
-A FORWARD -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 587 -j DROP
-A FORWARD -s xx.xx.xx.xx/32 -p tcp -m tcp --dport 25 -j DROP
iptables -t nat -A POSTROUTING -j MASQUERADE
vi /etc/csf/csf.conf
check TCP_IN and TCP_OUT port list and restart csf -r
csf -a IP
csf -a IP/24
iptables -A INPUT -p tcp –dport 80 -m string –string ‘WordPress’ –algo kmp -j DROP
or
iptables -N WordPress-PingVerify
iptables -I INPUT -p tcp –dport 80 -m string –to 70 –algo bm –string ‘GET /’ -j WordPress-PingVerify
iptables -A WordPress-PingVerify -p tcp –dport 80 -m string –to 80 –algo bm ! –string ‘User-Agent: WordPress/’ -j RETURN
iptables -A WordPress-PingVerify -p tcp –dport 80 -m string –to 300 –algo bm –string ‘verifying pingback from’ -j DROP
iptables -A WordPress-PingVerify -j RETURN
or
iptables -N WordPress-PingBacks
iptables -I INPUT -p tcp –dport 80 -m string –to 70 –algo bm –string ‘GET /’ -j WordPress-PingBacks
iptables -A WordPress-PingBacks -p tcp –dport 80 -m string –to 80 –algo bm ! –string ‘User-Agent: WordPress/’ -j RETURN
iptables -A WordPress-PingBacks -p tcp –dport 80 -j DROP
iptables -A WordPress-PingBacks -j RETURN
/scripts/smtpmailgidonly on
SMTP Mail protection has been disabled. All users may make smtp connections.
There was a problem setting up iptables. You either have an older kernel or a broken iptables install, or ipt_owner could not be loaded.
cat /proc/net/ip_tables_matches | grep owner
modprobe xt_owner
/scripts/smtpmailgidonly on
SMTP Mail protection has been enabled.
All outbound SMTP connections will be redirected to localhost except:
uid is root (ports: 25,26,465,587)
uid is cpanel (ports: 25,26,465,587)
gid is mail (ports: 25,26,465,587)
gid is mailman (ports: 25,26,465,587)
iptables -A INPUT -s 192.100.165.0/24 -j DROP
iptables -A INPUT -s 192.10.0.0/16 -j DROP
iptables -A INPUT -s 192.0.0.0/8 -j DROP
iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable