I was looking into securing my server and opened the Webmin – Networking – Linux Firewall menu and found this warning:
WARNING! Your current IPtables configuration is invalid : iptables-restore v1.8.2 (nf_tables): Set f2b-dovecot doesn’t exist. Error occurred at line: 45
deb http://deb.debian.org/debian buster-backports main
to
/etc/apt/sources.list
then run a
apt-get update
after it, run the command
apt-get -t buster-backports install "iptables"
it will install IPTABLES 1.8.3 from the Backport-Repo of Debian. Maybe you need to answer the question with a “y”. After it, you need/should restart your server after the installation of IPTABLES 1.8.3. That, I think, should fix your error.
But I would like to fully understand what it does.
I went to the iptables man and iptables-extensions manual for --reject-with icmp-port-unreachable. It reads:
REJECT (IPv4-specific)
    This is used to send back an error packet in response to the matched packet: otherwise it is equivalent to DROP so it is a terminating TARGET, ending rule traversal. This target is only valid in the INPUT, FORWARD and OUTPUT chains, and user-defined chains which are only called from those chains. The following option controls the nature of the error packet returned:

    --reject-with type
        The type given ... icmp-port-unreachable, ..., which return the appropriate ICMP error message (icmp-port-unreachable is the default).
I understand that -m is for match, so I guess -m multiport -m set is to set the jump -j REJECT for all the destination ports 110, 995, 143, 993, 587, 465, 4190 and source IPs that are in the f2b-dovecot set.
If I remove that, what are the risks?
Understanding the risk will help me check whether I have another rule in the config to mitigate it.
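As an added example (not part of the original post or of any reply), the script below checks for the condition behind the warning: an iptables rule of the form `-m set --match-set NAME src` refers to an ipset that has not been created, so iptables-restore refuses the whole ruleset. That rule is what enforces fail2ban's ban list on the listed mail ports, so while it is missing the bans in the set have no effect. The script compares the set names referenced in an iptables-save style dump with the sets declared in `ipset save` output; both inputs here are constructed samples, and the rule line is modelled on fail2ban's ipset action. On a live host it would be fed `iptables-save` and `ipset save` output instead.

```shell
#!/bin/sh
# Added example, not code from the forum post: report ipsets referenced by
# iptables rules that are not defined, the cause of
# "iptables-restore ... Set f2b-dovecot doesn't exist".

# Constructed iptables-save style dump (not captured from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:f2b-dovecot - [0:0]
-A INPUT -p tcp -m multiport --dports 110,995,143,993,587,465,4190 -m set --match-set f2b-dovecot src -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m multiport --dports 22 -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed `ipset save` style output: only f2b-sshd exists.
SAMPLE_SETS='create f2b-sshd hash:ip family inet hashsize 1024 maxelem 65536 timeout 600
add f2b-sshd 192.0.2.10 timeout 600'

# sets_referenced RULES: names used in "-m set --match-set NAME src|dst",
# one per line, sorted and deduplicated.
sets_referenced() {
    printf '%s\n' "$1" | sed -n 's/.*--match-set \([^ ]*\).*/\1/p' | sort -u
}

# sets_defined SETS: names created in ipset save output ("create NAME ...").
sets_defined() {
    printf '%s\n' "$1" | awk '$1 == "create" { print $2 }' | sort -u
}

# missing_sets RULES SETS: referenced set names with no matching "create"
# line. Any output means iptables-restore would fail on that ruleset.
missing_sets() {
    referenced=$(sets_referenced "$1")
    defined=$(sets_defined "$2")
    for name in $referenced; do
        if ! printf '%s\n' "$defined" | grep -qx "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Run against the constructed samples; prints "f2b-dovecot".
# On a real host, as root:  missing_sets "$(iptables-save)" "$(ipset save)"
missing_sets "$SAMPLE_RULES" "$SAMPLE_SETS"
```

A non-empty result means the saved ruleset cannot be restored as a whole, which is worth knowing before editing it by hand: the set is normally created by the service that owns it when that service starts, so the check is more useful after a reboot than right after a manual restart of fail2ban.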