chef-cookbooks / iptables

Development repository for Chef Cookbook iptables

Home Page: https://supermarket.chef.io/cookbooks/iptables


Laying down of postfix rules bricks my VM

rleibman opened this issue · comments

I'm using this cookbook on CentOS 6.5 on AWS instances; the postfix recipe ends up at the end and essentially bricks the instance, since I can't access it through ssh anymore.
The resulting /etc/sysconfig/iptables looks like this:

*filter
:INPUT ACCEPT [0,0]
:FORWARD ACCEPT [0,0]
:OUTPUT ACCEPT [0,0]
:FWR -
-A INPUT -j FWR
-A FWR -i lo -j ACCEPT
# Any established connection is money
-A FWR -m state --state RELATED,ESTABLISHED -j ACCEPT
# ICMP 
-A FWR -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9102 -m comment --comment "Bacula client port" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7000 -m comment --comment "Cassandra Storage" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7001 -m comment --comment "Cassandra SSL" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9160 -m comment --comment "Cassandra RPC" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9042 -m comment --comment "Cassandra Native Transport" -j ACCEPT

-A OUTPUT -p udp --dport 123 -m comment --comment "ntpd" -j ACCEPT
-A INPUT  -p udp --dport 1813 -m comment --comment "radiusd" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -m comment --comment "tomcat" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 27017 -m comment --comment "mongo" -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -m comment --comment "https" -j ACCEPT
-A FWR -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A FWR -p udp -j REJECT --reject-with icmp-port-unreachable
COMMIT

Am I missing anything that it should be doing that is not?

You don't have a rule for allowing ssh inbound?
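As an added example (not code from the cookbook or from either participant in the thread): a small Ruby simulator that walks an iptables-save ruleset the way the kernel would for a brand-new inbound TCP SYN, so a ruleset that locks out ssh is caught before it is ever loaded. The embedded ruleset is the one posted above, trimmed to the lines that decide the verdict; the interface name `eth0`, the packet model and the function names are assumptions of this example.

```ruby
require 'shellwords'

# Constructed input: the /etc/sysconfig/iptables from the issue, trimmed to the
# chain wiring and two of the per-port rules (assumption: nothing else changes the verdict).
RULESET = <<~RULES
  *filter
  :INPUT ACCEPT [0,0]
  :FORWARD ACCEPT [0,0]
  :OUTPUT ACCEPT [0,0]
  :FWR -
  -A INPUT -j FWR
  -A FWR -i lo -j ACCEPT
  -A FWR -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A FWR -p icmp -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 9102 -m comment --comment "Bacula client port" -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -m comment --comment "https" -j ACCEPT
  -A FWR -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
  -A FWR -p udp -j REJECT --reject-with icmp-port-unreachable
  COMMIT
RULES

TERMINAL = %w[ACCEPT DROP REJECT].freeze

# Parse iptables-save text into { chain_name => { policy:, rules: [[tokens], ...] } }.
# Rules are kept in file order, which is the order iptables-restore appends them.
def parse_ruleset(text)
  chains = {}
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', '*') || line == 'COMMIT'
    if line.start_with?(':')
      name, policy = line[1..-1].split
      chains[name] = { policy: policy, rules: [] }
    elsif line.start_with?('-A ')
      _flag, chain, *args = Shellwords.split(line) # keeps quoted comments as one token
      chains.fetch(chain)[:rules] << args
    end
  end
  chains
end

# Evaluate one rule against a packet. Returns the jump target on a match, nil otherwise.
# Only the matches used in this ruleset are implemented; any other option raises so an
# unsupported match is never silently treated as "does not match".
def rule_target(args, pkt)
  target = nil
  i = 0
  while i < args.length
    opt, val = args[i], args[i + 1]
    case opt
    when '-m', '--comment', '--reject-with'   # no packet condition
      i += 2
    when '-p', '--protocol'
      return nil unless pkt[:proto] == val
      i += 2
    when '-i'
      return nil unless pkt[:iface] == val
      i += 2
    when '--state'
      return nil unless val.split(',').include?(pkt[:state])
      i += 2
    when '--dport'
      return nil unless pkt[:dport] == Integer(val)
      i += 2
    when '--tcp-flags'   # flags in mask must be set iff they appear in comp
      mask, comp = val.split(','), args[i + 2].split(',')
      return nil unless mask.all? { |f| pkt[:flags].include?(f) == comp.include?(f) }
      i += 3
    when '-j'
      target = val
      i += 2
    else
      raise ArgumentError, "unsupported option #{opt}"
    end
  end
  target
end

# Walk a chain top to bottom, descending into user chains on -j, the way the kernel does.
# Returns a terminal verdict, or nil if the chain ends without one.
def walk(chains, name, pkt)
  chains.fetch(name)[:rules].each do |args|
    target = rule_target(args, pkt)
    next if target.nil?
    return target if TERMINAL.include?(target)
    next if target == 'RETURN'
    verdict = walk(chains, target, pkt)
    return verdict if verdict
  end
  nil
end

# Verdict for a new inbound TCP SYN to +dport+ arriving on +iface+ (falls back to the INPUT policy).
def verdict_for(text, dport, iface: 'eth0')
  chains = parse_ruleset(text)
  pkt = { proto: 'tcp', dport: dport, iface: iface, state: 'NEW', flags: %w[SYN] }
  walk(chains, 'INPUT', pkt) || chains.fetch('INPUT')[:policy]
end

if __FILE__ == $PROGRAM_NAME
  { 22 => 'ssh', 8443 => 'https' }.each do |port, label|
    puts "#{label} (#{port}): #{verdict_for(RULESET, port)}"
  end
end
```

Because `-A INPUT -j FWR` is the first INPUT rule and FWR rejects every TCP SYN that is not on `lo`, the walk reports REJECT for port 22, and for the same reason for the per-port ACCEPT rules appended after the jump; only loopback, established flows and ICMP reach ACCEPT. Running a check like this against the rendered file before `iptables-restore` in a converge turns a locked-out instance into a failed Chef run.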