iptables OUTPUT drops 443 even when the rule allows it


These are my current rules.

:INPUT DROP [2:406]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:LOGGING - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.1/32 -p udp -m udp --sport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.1/32 -p tcp -m tcp --sport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.129/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i eno1 -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25566 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 68 -j DROP
-A INPUT -p udp -m udp --dport 68 -j DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-16c910ec1d5a -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-16c910ec1d5a -j DOCKER
-A FORWARD -i br-16c910ec1d5a ! -o br-16c910ec1d5a -j ACCEPT
-A FORWARD -i br-16c910ec1d5a -o br-16c910ec1d5a -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eno1 -p tcp -m tcp --sport 3306 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.1.1/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 192.168.1.1/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 8443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25566 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25565 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -j LOGGING
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-16c910ec1d5a ! -o br-16c910ec1d5a -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-16c910ec1d5a -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: "
-A LOGGING -j DROP

And this is the log output.

Aug  2 00:03:59 saitgaming systemd[1]: Started Session 101 of user root.
Aug  2 00:04:14 saitgaming kernel: [84380.438512] IPTables-Dropped: IN= OUT=eno1 SRC=192.168.1.116 DST=143.204.163.105 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37496 DF PROTO=TCP SPT=45294 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
Aug  2 00:04:15 saitgaming kernel: [84381.439683] IPTables-Dropped: IN= OUT=eno1 SRC=192.168.1.116 DST=143.204.163.105 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37497 DF PROTO=TCP SPT=45294 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
Aug  2 00:04:17 saitgaming kernel: [84383.455730] IPTables-Dropped: IN= OUT=eno1 SRC=192.168.1.116 DST=143.204.163.105 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37498 DF PROTO=TCP SPT=45294 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
Aug  2 00:04:21 saitgaming kernel: [84387.487679] IPTables-Dropped: IN= OUT=eno1 SRC=192.168.1.116 DST=143.204.163.105 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37499 DF PROTO=TCP SPT=45294 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 

It's hard for me to understand this, mainly because I don't have enough experience with iptables, so any help or advice will be much appreciated.
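Added example, not part of the original post: a simplified evaluator that walks the first logged packet through the posted OUTPUT chain and reports the first rule it hits. It handles only the match options that appear in that chain. `BY_DPORT` is a hypothetical rule included for comparison, and treating a SYN without ACK as conntrack state NEW is an assumption.

```python
import re
import shlex
from ipaddress import ip_address, ip_network

# OUTPUT chain and first logged packet, both copied from the post above.
OUTPUT_RULES = """\
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eno1 -p tcp -m tcp --sport 3306 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.1.1/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 192.168.1.1/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 8443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25566 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25565 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -j LOGGING""".splitlines()
LOGGED = ("IN= OUT=eno1 SRC=192.168.1.116 DST=143.204.163.105 LEN=60 TOS=0x00 "
          "PREC=0x00 TTL=64 ID=37496 DF PROTO=TCP SPT=45294 DPT=443 "
          "WINDOW=64240 RES=0x00 SYN URGP=0")
# Hypothetical rule (not in the posted ruleset), for comparison only.
BY_DPORT = "-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT"

def parse_log(line):
    pkt = dict(re.findall(r"(\w+)=(\S*)", line))
    # Assumption: a SYN without ACK opens a connection, so conntrack sees NEW.
    pkt["STATE"] = "NEW" if " SYN " in line and " ACK " not in line else "ESTABLISHED"
    return pkt

def matches(rule, pkt):
    tok = shlex.split(rule)[2:]                 # drop "-A OUTPUT"
    opts = dict(zip(tok[::2], tok[1::2]))       # every option here takes one value
    tests = {"-o": lambda v: pkt["OUT"] == v,
             "-d": lambda v: ip_address(pkt["DST"]) in ip_network(v),
             "-p": lambda v: pkt["PROTO"].lower() == v,
             "--sport": lambda v: pkt["SPT"] == v,
             "--dport": lambda v: pkt["DPT"] == v,
             "--ctstate": lambda v: pkt["STATE"] in v.split(",")}
    return all(tests[k](v) for k, v in opts.items() if k in tests), opts["-j"]

def first_match(pkt, rules=OUTPUT_RULES):
    for n, rule in enumerate(rules, 1):
        hit, target = matches(rule, pkt)
        if hit:
            return n, target

print(first_match(parse_log(LOGGED)), matches(BY_DPORT, parse_log(LOGGED)))
```

The logged packet has DPT=443 and an ephemeral SPT, so the posted `--sport 443` rule is skipped and the packet falls through to the final `-j LOGGING` rule, while a rule keyed on `--dport 443` would match it.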
