Score:1

How to unblock my IP from Ubuntu Server 22.04?


Here is the output of iptables -L -v in Ubuntu 22.04:

https://pastebin.ubuntu.com/p/47ysNrXCcN/

```
Chain DENYIN (1 references)
 pkts bytes target     prot opt in     out     source               destination
  276 14576 DROP       all  --  !lo    any     sylnat-27.147.226.250.link3.net  anywhere

Chain DENYOUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOGDROPOUT  all  --  any    !lo     anywhere             sylnat-27.1
```

If I write:

```
iptables -D INPUT -s sylnat-27.147.226.250.link3.net -j DROP
```

The output is:

```
iptables v1.8.7 (nf_tables): host/network `sylnat-27.147.226.250.link3.net' not found
```

If I write:

```
iptables -D INPUT -s 27.147.226.250 -j DROP
```

The output is:

```
iptables: Bad rule (does a matching rule exist in that chain?).
```

Raffa avatar
`iptables -F DENYIN`, `iptables -F DENYOUT`, `iptables -X DENYIN` and `iptables -X DENYOUT` ... In that order to delete those two chains.
Raffa avatar
Of course you'll need to delete rules referring to those chains first … Then start clean by first allowing your IP and then dropping/rejecting anything else … Rule order matters … Is that what you’re trying to achieve?
Score:2

Whatever I write below can never be enough for you to know all you need regarding iptables ... So please read the manual for options and research the internet for the concepts.

It appears that you don't know what you are doing as you don't seem to know what rules actually exist on your system and you don't seem to know the difference between a rule and a chain of rules ... Therefore I would suggest that you remove all existing user rules and start correctly from a clean state.

Your system has two chains of rules that are not empty that I suggest you remove in order to reach a clean state that you actually know and control ... Please, see this demonstration:

```
$ sudo iptables -N MY_CHAIN
$ sudo iptables -A MY_CHAIN ! -i lo ! -o lo -j REJECT
$ sudo iptables -A INPUT -j MY_CHAIN
$ sudo iptables -A OUTPUT -j MY_CHAIN
```

... that will block (REJECT packets) all inbound and outbound traffic on all interfaces except the loopback interface which is needed for some important applications on your system to work correctly.

The rules are nested in a chain:

```
$ sudo iptables -vL MY_CHAIN
Chain MY_CHAIN (2 references)
 pkts bytes target     prot opt in     out     source               destination
 1457  142K REJECT     all  --  !lo    !lo     anywhere             anywhere             reject-with icmp-port-unreachable
```

... (2 references) means that two rules are referring to this chain ... You need to find them and delete them first before you can delete the chain ... Find them with something like:

```
$ sudo iptables -S | grep MY_CHAIN
-N MY_CHAIN
-A INPUT -j MY_CHAIN
-A OUTPUT -j MY_CHAIN
-A MY_CHAIN ! -i lo ! -o lo -j REJECT --reject-with icmp-port-unreachable
```

... Delete the two rules:

```
$ sudo iptables -D INPUT -j MY_CHAIN
$ sudo iptables -D OUTPUT -j MY_CHAIN
```

... Confirm the chain is now empty:

```
$ sudo iptables -vL MY_CHAIN
Chain MY_CHAIN (0 references)
 pkts bytes target     prot opt in     out     source               destination
 4740  434K REJECT     all  --  !lo    !lo     anywhere             anywhere             reject-with icmp-port-unreachable
```

... Flush the chain from the kernel's tables:

```
$ sudo iptables -F MY_CHAIN
```

... Delete the now empty chain:

```
$ sudo iptables -X MY_CHAIN
```

Do that for the two user chains your system has.

Now decide what you want ... You appear to want to allow connections from and to your IP 27.147.226.250 and block the rest excluding the loopback interface ... If that's what you want, then it can be done in many ways ... I will however demonstrate a way of doing that which I think is straightforward and easy to understand ... That is:

```
$ sudo iptables -A INPUT -s 27.147.226.250 -j ACCEPT
$ sudo iptables -A OUTPUT -d 27.147.226.250 -j ACCEPT
$ sudo iptables -A INPUT ! -i lo -j REJECT
$ sudo iptables -A OUTPUT ! -o lo -j REJECT
```

Notice that the order of the rules is important as rules are evaluated in order starting from the first and therefore you must allow your IP's traffic before blocking everything's traffic.

Tofazzal haque avatar
Thanks for the advice.
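
Added example (not part of the original question or answer): `iptables -D` only removes a rule when the chain name and the full rule specification match, and the listing in the question shows the DROP rule in `DENYIN` with an `!lo` input match, not in `INPUT`. The script below turns `iptables -S` output into the exact `-D` commands for one IP and for the jumps into a user chain; the ruleset is a constructed sample and the function names `unblock_cmds` and `chain_ref_cmds` are hypothetical.

```shell
#!/bin/sh
# Constructed `iptables -S` dump modelled on the DENYIN/DENYOUT listing in the
# question (203.0.113.7 and 27.147.226.25 are made-up entries).
# On a real host, feed the functions with:  sudo iptables -S
SAMPLE_RULES='-P INPUT ACCEPT
-N DENYIN
-N DENYOUT
-A INPUT ! -i lo -j DENYIN
-A OUTPUT ! -o lo -j DENYOUT
-A DENYIN -s 27.147.226.250/32 ! -i lo -j DROP
-A DENYIN -s 27.147.226.25/32 ! -i lo -j DROP
-A DENYOUT -d 203.0.113.7/32 ! -o lo -j LOGDROPOUT'

# Print the delete command for every rule whose -s or -d is exactly IP.
# Whole-field comparison keeps 27.147.226.25 from matching 27.147.226.250.
unblock_cmds() {
    awk -v ip="$1" '
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if (($i == "-s" || $i == "-d") &&
                    ($(i+1) == ip || $(i+1) == (ip "/32"))) {
                    # Same chain, same spec: only the action letter changes.
                    sub(/^-A/, "sudo iptables -D"); print; next
                }
        }'
}

# Print the delete command for every rule that jumps (-j) or goes (-g) to
# CHAIN; these must be removed before `iptables -X CHAIN` can succeed.
chain_ref_cmds() {
    awk -v chain="$1" '
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i+1) == chain) {
                    sub(/^-A/, "sudo iptables -D"); print; next
                }
        }'
}

# Dry run: the commands are printed for review, nothing is executed.
printf '%s\n' "$SAMPLE_RULES" | unblock_cmds 27.147.226.250
printf '%s\n' "$SAMPLE_RULES" | chain_ref_cmds DENYIN
```

If another tool generates the DENYIN/DENYOUT chains, remove the entry in that tool as well, otherwise the rule can return the next time it reloads the ruleset.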