Couldn't connect to virtualmin or any websites after package updates (Firewalld default conf issue)

Hello everyone,

Earlier today I mass-updated 32 packages (a bit naive on my part, but I’m trying to put this thing through all I can to better understand functionality and limitations). All was fine until after rebooting the system, at which point I was only able to connect via SSH and nothing more.

After going through the logs and not finding much of anything, I discovered that the Firewalld service was blocking pretty much everything, even though I’ve never touched this configuration file.

# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0
FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- 0.0.0.0/0 0.0.0.0/0
FWDO_public_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDO_public_allow all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- 0.0.0.0/0 0.0.0.0/0
IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0
IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

If you are having this issue, simply stop the firewall service

service firewalld stop

Check IP tables again

iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I’ll need to read up on iptables a bit to properly configure the firewall before using it myself, but if anyone is having this issue and you have run out of ideas, try this.
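
An added example, not part of the original post: a way to keep firewalld running instead of stopping it. The script reads an iptables -L -n listing like the one above, finds which TCP ports the IN_public_allow chain accepts, and prints the firewall-cmd calls that would open the missing ones. The required port list (80, 443, and Webmin/Virtualmin's default 10000) and the use of the public zone are assumptions; the sample listing is constructed from the output shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample: the IN_public_allow chain as it appears in the listing above.
SAMPLE_LISTING='Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination'

# Assumption: the services this host must expose are HTTP, HTTPS and
# Webmin/Virtualmin on its default port 10000. Adjust to your setup.
REQUIRED_PORTS="80 443 10000"

# Read a listing on stdin; print TCP ports accepted in firewalld IN_*_allow chains.
allowed_ports() {
    awk '
        /^Chain / { in_allow = ($2 ~ /^IN_.*_allow$/); next }
        in_allow && $1 == "ACCEPT" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/) { sub(/^dpt:/, "", $i); print $i }
        }'
}

# Print each required port that the listing ($1) does not accept.
missing_ports() {
    open=$(printf '%s\n' "$1" | allowed_ports)
    for p in $REQUIRED_PORTS; do
        printf '%s\n' "$open" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Print (do not run) the firewall-cmd calls that would open the missing ports.
suggest_commands() {
    for p in $(missing_ports "$1"); do
        printf 'firewall-cmd --permanent --zone=public --add-port=%s/tcp\n' "$p"
    done
    printf 'firewall-cmd --reload\n'
}

suggest_commands "$SAMPLE_LISTING"
```

On a live host, pass "$(iptables -L -n)" to suggest_commands in place of the sample and review the printed commands before running them as root.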