here screen of my firewall rules.
here iptables-restore-input file:
Last login: Mon Jun 25 20:21:25 on console
iMac:~ sava099$ ssh root@srv.postos.org -p 44022
The authenticity of host ‘[srv.postos.org]:44022 ([198.100.147.33]:44022)’ can’t be established.
ECDSA key fingerprint is SHA256:kS4n/saFZpJSYA0wmxmzj2kyfuL60CoPmvHz/p0sI9E.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘[srv.postos.org]:44022,[198.100.147.33]:44022’ (ECDSA) to the list of known hosts.
root@srv.postos.org’s password:
Last login: Mon Jun 25 13:47:37 2018 from 77.105.161.38
************ Welcome to NethServer ************
This is a NethServer installation.
Before editing configuration files, be aware
of the automatic events and templates system.
http://docs.nethserver.org
[root@srv ~]# nano /var/lib/shorewall/.iptables-restore-input
GNU nano 2.3.1 File: /var/lib/shorewall/.iptables-restore-input
Generated by Shorewall 5.1.10.2 - Mon Jun 25 13:40:49 MSK 2018
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p 17 --dport 10080 -j CT --helper amanda
-A PREROUTING -p 6 --dport 21 -j CT --helper ftp
-A PREROUTING -p 17 --dport 1719 -j CT --helper RAS
-A PREROUTING -p 6 --dport 1720 -j CT --helper Q.931
-A PREROUTING -p 6 --dport 6667 -j CT --helper irc
-A PREROUTING -p 17 --dport 137 -j CT --helper netbios-ns
-A PREROUTING -p 6 --dport 1723 -j CT --helper pptp
-A PREROUTING -p 6 --dport 6566 -j CT --helper sane
-A PREROUTING -p 17 --dport 5060 -j CT --helper sip
-A PREROUTING -p 17 --dport 161 -j CT --helper snmp
-A PREROUTING -p 17 --dport 69 -j CT --helper tftp
-A OUTPUT -p 17 --dport 10080 -j CT --helper amanda
-A OUTPUT -p 6 --dport 21 -j CT --helper ftp
-A OUTPUT -p 17 --dport 1719 -j CT --helper RAS
-A OUTPUT -p 6 --dport 1720 -j CT --helper Q.931
-A OUTPUT -p 6 --dport 6667 -j CT --helper irc
-A OUTPUT -p 17 --dport 137 -j CT --helper netbios-ns
-A OUTPUT -p 6 --dport 1723 -j CT --helper pptp
-A OUTPUT -p 6 --dport 6566 -j CT --helper sane
-A OUTPUT -p 17 --dport 5060 -j CT --helper sip
-A OUTPUT -p 17 --dport 161 -j CT --helper snmp
-A OUTPUT -p 17 --dport 69 -j CT --helper tftp
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -j MARK --set-mark 0/0xf0000
COMMIT
*filter
:INPUT DROP [0:0]
[ Read 148 lines ]
^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text ^T To Spell
shorewall debug restart
shorewall debug restart
Compiling using Shorewall 5.1.10.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Compiling /etc/shorewall/hosts…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/rules…
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Generating Rule Matrix…
Optimizing Ruleset…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Shorewall is not running
Starting Shorewall…
Initializing…
Processing /etc/shorewall/init …
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Setting up Traffic Control…
Processing /etc/shorewall/tcstart …
FireQOS 3.1.5
© 2013-2014 Costa Tsaousis, GPL
Clearing all QoS on all interfaces…
sit0: cleared traffic control
ip6tnl0: cleared traffic control
ifb0: cleared traffic control
teql0: cleared traffic control
dummy0: cleared traffic control
bond0: cleared traffic control
ifb1: cleared traffic control
gretap0: cleared traffic control
tunl0: cleared traffic control
eth0: cleared traffic control
gre0: cleared traffic control
- removed all IFB devices
- cleared FireQOS status
FireQOS 3.1.5
© 2013-2014 Costa Tsaousis, GPL
Traffic is classified:
- on 0 interfaces
- to 0 classes
- by 0 FireQOS matches
0 TC commands executed
All Done! Enjoy…
bye…
Preparing iptables-restore input…
Running debug_restore_input…
iptables: No chain/target/match by that name.
ERROR: Command “/sbin/iptables --wait -t raw -A PREROUTING -p 17 --dport 10080 -j CT --helper amanda” Failed
Processing /etc/shorewall/stop …
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running debug_restore_input…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 17385 Terminated $SHOREWALL_SHELL $script options @