I'm starting to see new IPs added to the INPUT chain with REJECT "reject-with icmp-port-unreachable", but it's not clear who added them or where I can stop this.
It's not clear which systems are creating these rules.
We are not using this kind of "REJECT" rule in our APP; we use only DROP rules.
These ones are a mystery.
Any idea how they appeared here?
The REJECT target rejects the packet. If you do not specify which ICMP message to reject with, the server by default will send back ICMP port unreachable (type 3, code 3).
It would be wise to read the iptables documentation to understand what each action does (-j DROP vs. -j REJECT).
So the firewall you created is adding those rules for you, since you most probably used the -j REJECT flag instead of -j DROP.
As a basic rule you should use -j REJECT for your local network and -j DROP for the internet traffic that's hitting your server. When using REJECT rules an ICMP packet is sent indicating the port is unavailable, so your server might get exposed.
To answer your question, your own firewall created those rules.
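An added example (not part of the question or the answer above) that audits an iptables-save dump for INPUT rules with a REJECT target and shows which ICMP error each one sends, filling in the default the answer describes when --reject-with is absent. The ruleset below is constructed for the example; against a live system you would feed it iptables-save output instead.

```shell
#!/bin/sh
# Constructed sample ruleset in iptables-save format (not from the original post).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -s 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 203.0.113.5/32 -j REJECT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Read rules on stdin; print every INPUT rule whose target is REJECT together with
# the ICMP error it will send. A REJECT without --reject-with uses the iptables
# default, icmp-port-unreachable (ICMP type 3, code 3).
reject_rules() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            target = ""
            why = "icmp-port-unreachable (default)"
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--reject-with") why = $(i + 1)
            }
            if (target == "REJECT") print $0 " => sends " why
        }'
}

# Number of REJECT rules in INPUT; compare it with what your own tooling is known
# to install (the question's app installs only DROP rules, so it should be 0).
count_reject_rules() {
    reject_rules | wc -l | tr -d ' '
}

# Live usage (needs root):  iptables-save | reject_rules
printf '%s\n' "$SAMPLE_RULES" | reject_rules
```

To learn which process keeps adding rules, watch executions of the iptables binary with auditd, e.g. auditctl -w /usr/sbin/iptables -p x -k iptables_exec (the binary path is an assumption; check it with "command -v iptables"), then search the audit log for that key.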