Some script is inserting at my iptables a rule to accept every traffic. That totally invalidate my next rejecting rules.
So is there some way to prevent that the script to add rules or find out the script or source who is inserting that rule?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Your server maybe hacked If it is through the web server, upload directory is the most possible place /tmp, or configured upload directories If it is through SSH, init scripts should be checked
The following command may help: sudo find / -type f -executable -exec grep -il “iptables” {} ; -print
It is hard to recover a compromised server, backup db & user uploaded content, then rebuild the server maybe easier.