I’m having this issue with a new Centos 7 VPS and looks like it’s to do with the OpenVZ container.
The server starts with all ports except 22 and 80 closed and iptables enabled, but NOT active because the default iptables file (/etc/sysconfig/iptables/) fails on line 14 (the commit line). This is the entire file:
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
there's a blank line here
The COMMIT line is line 14, but I’ve tried adding commit between each rule (after each -A INPUT” rule) and it fails at the first rule.
Can only get iptables to run via the “service iptables save” command which results in iptables running, but no rules saved.
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
The weird thing is ports 22 and 80 are open even when iptables is disabled at boot or has no rules.
I’ve tried disabling iptables and rebooting and ports 22 and 80 are still open, everything else blocked.
Firewalld wasn’t installed, after disabling iptables and installing firewalld
# sudo firewall-cmd --state
# firewall-cmd --set-default-zone=public
Warning: ZONE_ALREADY_SET: public
# sudo systemctl status firewalld -l
ï¿½ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2016-12-30 17:49:36 UTC; 14min ago
Main PID: 698 (firewalld)
ï¿½ï¿½698 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Dec 30 17:49:36 s######.secureserver.net firewalld: WARNING: ipset not usable, disabling ipset usage in firewall.
Dec 30 17:49:36 s######..secureserver.net firewalld: WARNING: ip6tables not usable, disabling IPv6 firewall.
Dec 30 17:49:36 s######..secureserver.net firewalld: WARNING: '/usr/sbin/iptables-restore -n' failed:
Dec 30 17:49:36 s######..secureserver.net firewalld: WARNING: '/usr/sbin/ebtables-restore --noflush' failed:
Dec 30 17:49:36 s######..secureserver.net firewalld: ERROR: COMMAND_FAILED
Dec 30 17:50:41 s######..secureserver.net firewalld: ERROR: ZONE_ALREADY_SET: public
The "sudo ifconfig" command outputs "sudo: ifconfig: command not found"
At this point I’m stuck.
I know iptables isn’t working as it should and firewalld when installed says it’s not running.
To confuse things even further I’m trying to install Virtualmin and it installs and opens ports for MYSQL and Usermin (port 20000), but fails to open other ports for Webmin (10000), POP3, FTP…
Godaddy support are useless, they don’t appear to understand the concept that the server is starting with a fault in the iptables setup.
What I’d really like to know is how ports 22 and 80 are open when iptables and firewalld aren’t enabled? Is there another firewall built into Godaddy servers by default???
There’s also some info about the iptables issue at https://www.centos.org/forums/viewtopic.php?f=51&t=54469
More Comments on Godaddy VPS by SEO Gold Coast Services
Installing Virtualmin On Centos 7 with Iptables/Ip6tables Disabled
Finally figured it out.
Still haven’t a clue how the ports are opening etc… with iptables/ip6tables disabled (masked) in Centos 7, but I got …
How to Open Ports on a Godaddy VPS Server Running Centos 7 OpenVZ
I think the new Godaddy VPS hates me.
Figured out why iptables was throwing out an error on line …
More Comments by SEO Gold Coast Services
In my experience there’s very little if any risk in mass unfollowing.
I have Twitter accounts with tens of thousands of followers and tend to mass unfollow on an irregular basis …
I’m glad you asked this question, I’d not realised there was an error in my VPS server setup!
I recently moved to a new VPS server and there was a new …
Most likely Google alone.
Google trusts what they are told via the defamation reports, there doesn’t appear to be any detailed checking on Google’s part!
So if someone makes a credible defamation …
SEO tools like SEOptimer are generally not very good, they are built by programmers who are human and they make mistakes, so I’d take the SEOptimer Usability Device Rendering F …
When you said “I apply most of the tricks talked about in this article” does that mean you are following at least 400 Twitter accounts everyday and unfollowing them all …
This is a Camping World Biloxi SEO test.
The Camping World Biloxi Google search phrase sees around 1,900 searches a month, a number 1 Google listing for Camping World Biloxi would …
Regarding GTmetrix speed testing you have to take into account hosting location when comparing 2 websites targeting different countries.
My SEO Gold site which mostly targets the UK market is hosted …