iptables not blocking ports
For some reason, iptables isn’t blocking ports on a droplet, when the exact same rules work fine on a VirtualBox VM. The output from iptables -S is:

    root@public:~# iptables -S
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -j DROP
This is modelled exactly on the tutorial at https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04, with a small change to the
conntrack line due to Ansible’s iptables module kind of doing that whether I liked it or not.
But that’s not a helpful explanation, since the behaviour of the exact same rule set on Debian 8 is so very different.
Any ideas why this doesn’t block on a droplet? I.e., even with these iptables rules in place, a telnet command to port 554 will connect.
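Added example (not part of the question or of the linked tutorial): a small POSIX shell evaluator that walks the quoted INPUT chain the way netfilter does, first match wins, and predicts the verdict for a NEW inbound TCP connection on a given port. It reads the ruleset exactly as posted (embedded below as a constructed copy of the `iptables -S` output), so it shows what the rules themselves say should happen to port 554; if the prediction is DROP but a connection still succeeds, the rules are not the problem and the path the packet takes to this table is what needs checking.

```shell
#!/bin/sh
# Constructed copy of the iptables -S output quoted in the question, one rule per line.
RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP'

# predict_new_tcp <port>: print the verdict the INPUT chain gives a NEW TCP
# connection arriving on a non-loopback interface for <port>. Rules are walked
# in order; the first rule whose match conditions are satisfied decides, and the
# chain policy applies when no rule matches.
predict_new_tcp() {
    port=$1
    policy=ACCEPT
    while read -r line; do
        case "$line" in
            '-P INPUT '*) policy=${line##* }; continue ;;   # chain policy
            '-A INPUT '*) ;;                                  # a rule to evaluate
            *) continue ;;                                    # other chains: ignore
        esac
        set -- $line                  # split the rule into its words
        target=; proto=; dport=; iface=; state=
        while [ $# -gt 0 ]; do
            case "$1" in
                -j) target=$2; shift ;;
                -p) proto=$2; shift ;;
                --dport) dport=$2; shift ;;
                -i) iface=$2; shift ;;
                --state) state=$2; shift ;;
            esac
            shift
        done
        # Skip rules whose conditions this packet cannot satisfy.
        [ -n "$iface" ] && continue                           # we model the public NIC, not lo
        [ -n "$state" ] && continue                           # a NEW flow is not RELATED/ESTABLISHED
        [ -n "$proto" ] && [ "$proto" != tcp ] && continue
        [ -n "$dport" ] && [ "$dport" != "$port" ] && continue
        echo "$target"; return 0                              # first match decides
    done <<EOF
$RULES
EOF
    echo "$policy"
}

for p in 22 80 443 554; do
    printf 'tcp/%s -> %s\n' "$p" "$(predict_new_tcp "$p")"
done
```

With the posted rules this prints ACCEPT for 22, 80 and 443 and DROP for 554, which is the behaviour the question expects; the same function can be pointed at the live output of `iptables -S` to compare what the kernel actually loaded against what was intended.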