The REJECT rule in iptables is as shown below
/etc/sysconfig/iptables>>
-A INPUT -s 10.110.110.52 -d 10.110.110.53 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -s 10.110.110.53 -d 10.110.110.52 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable
[/CODE]
in the scripts i am using, commands to create and delte firewall as below
DeleteFirewall.sh>>
/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
Createfirewall.sh>>
/sbin/iptables -I INPUT -p tcp --dport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -I INPUT -p tcp --sport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -I OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -I OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
DisArmServer.sh>>
/sbin/iptables -I INPUT 1 -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
if [ ! -z $JPORT ]; then
/sbin/iptables -I INPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
/sbin/iptables -I INPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi
/sbin/iptables -I OUTPUT 1 -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
/sbin/iptables -I OUTPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
/sbin/iptables -I OUTPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi
ReArm.sh>>
/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
if [ ! -z $JPORT ]; then
logger -s -p info "${SCRIPT_NAME}: Running iptables command: /sbin/iptables -D INPUT -p udp -m multiport \
--source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP"
/sbin/iptables -D INPUT -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
/sbin/iptables -D INPUT -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi
/sbin/iptables -D OUTPUT -p tcp --dport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
/sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
/sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi
deleteJBCacheFirewall.sh>>
/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D INPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
/sbin/iptables -D INPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
/sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
/sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
but none of these scripts written to remove this rule is removing it..
iptables -L -n | grep "7800"REJECT tcp -- 10.110.110.52
10.110.110.53 tcp dpt:7800 reject-with icmp-port-unreachable
REJECT tcp -- 10.110.110.53
10.110.110.52 tcp dpt:7800 reject-with icmp-port-unreachable
and even when creating the rule we are using UDP for multiport but in iptables the rule is shown as multiprt for TCP(p tcp -m tcp --dport )... i am not able to understand where it came form.. any help will be deeply appreciated... 