[svlug] Debugging (tracing?) iptables rules and chains

Robert Freiberger rfreiberger at gmail.com
Wed May 29 20:31:51 PDT 2019

Hello everyone,

I've been puzzled at work allowing access for SSH into one of our systems.
The system in question is running OpenVZ, so there are a few
containers/VMs running and one of the containers I need to access SSH from
another external machine. The issue is I'm not entirely sure how the access
is given since there are multiple chains and rules, plus some scripts that
apply the rules through Puppet.

Given that I'm not certain on iptables rules, is there a recommended way of
reverse engineering the chains? Most of what I'm reading describes viewing
the rules and following it step by step, but how does this work with
/etc/hosts.allow/deny or when working with a nested system like containers
or VMs?


Robert Freiberger
