Question

Is it possible to lock iptables?

  • Posted August 4, 2014

Some script is inserting at my iptables a rule to accept every traffic. That totally invalidate my next rejecting rules.

So is there some way to prevent that the script to add rules or find out the script or source who is inserting that rule?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Your server maybe hacked If it is through the web server, upload directory is the most possible place /tmp, or configured upload directories If it is through SSH, init scripts should be checked

The following command may help: sudo find / -type f -executable -exec grep -il “iptables” {} ; -print

It is hard to recover a compromised server, backup db & user uploaded content, then rebuild the server maybe easier.