Jump to content

Locked out using iptables


mudmanc4
 Share

Recommended Posts

Since I've not been absent minded enough in the past to actually lock myself out of a server (aside those younger days of 'forgetting the root pass" -- this is a first for me, yes I'm a locked out virgin. Special hey ? 

 

And don't do this if you want continued access via root, or anything else. Sure http and https are available for public facing, but thats it.

So , I ran ---

 

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

 

After saving iptables permanently , opened another shell logged in with the new user also created to take the place of root with the proper permissions, login was fine for that user. 

 

After reboot I realized what I had mistakenly forgotten in the chain. See it ? lol Yes thats right , the ssh port - duh-me ?  And a couple other things that render the hosts reporting scripts locked out, ah yes there it is - dummy lol

 

As I can see it , the only way to get access would be to have host flush iptables from main server node root. Yes, no ? Idea's ?

Link to post
Share on other sites

lol yes. 

 

 Good thing I had a snapshot. As if it mattered, this is a testing environment at the moment. Already back coasting along. I did not bother contacting the host about the non working KVM or to administer the box for me, just scratched it and re imaged. 

 

They use PPTP which afaik is been depreciated, and is insecure, so chances are they simply have not taken it off the options. Kind of false advertising though. If in fact thats the case and not something I don't know. 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...