Disclaimer: I am not an admin, but a programmer, who has not used iptables that much yet.
I am using mod_jk with AJP13 for directing certain data traffic from Apache to Tomcat. Additionally I am trying to be pretty specific in the firewall rules on the server.
I am talking about localhost -> localhost traffic here, only incoming connections for ports like :443 or :22 should be accepted by the firewall without specifying the interface for them there.
Currently I am using this rule:
$ sudo iptables -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
7 358 1702K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
(Pretty much all traffic is handled by this rule, if I read the line correctly: 1702K bytes, the highest number of all rules.) What does this rule mean in detail, and why does it enable this kind of traffic, because of state RELATED?
When I disable this rule, the other rules for the ports of Apache and Tomcat are not applied and users (or their requests) run into timeouts.
My rule for this:
num pkts bytes target prot opt in out source destination
9 0 0 ACCEPT tcp -- lo any anywhere anywhere tcp dpt:8009
It is not in use, right?
Even a much less specific rule for the interface lo does not work. I have added it with iptables -I INPUT 15 -i lo -m conntrack --ctstate ESTABLISHED,RELATED -p tcp -j ACCEPT.
What am I doing wrong here? Do I need to add an AJP chain or a different protocol for my rule?