Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

IPtables Flush out automatically while stopping an AV process

by |Published

The Iptables in CentOS 7.9 is running the flush command on its own while stop and start a AV process

Logs:

type=PROCTITLE msg=audit(05/13/21 14:27:51.153:26) : proctitle=iptables -F type=SYSCALL msg=audit(05/13/21 14:27:51.153:26) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0x24f0600 items=0 ppid=882 pid=960 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null) type=PROCTITLE msg=audit(05/13/21 14:27:51.154:27) : proctitle=iptables -F INPUT type=SYSCALL msg=audit(05/13/21 14:27:51.154:27) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0x1350600 items=0 ppid=882 pid=981 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null) type=PROCTITLE msg=audit(05/13/21 14:27:51.155:28) : proctitle=iptables -F OUTPUT type=SYSCALL msg=audit(05/13/21 14:27:51.155:28) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0xcee600 items=0 ppid=882 pid=983 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null) type=PROCTITLE msg=audit(05/13/21 14:27:51.156:29) : proctitle=iptables -F FORWARD type=SYSCALL msg=audit(05/13/21 14:27:51.156:29) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0x123f600 items=0 ppid=882 pid=985 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null) type=PROCTITLE msg=audit(05/13/21 14:27:51.157:30) : proctitle=iptables -F -t mangle type=SYSCALL msg=audit(05/13/21 14:27:51.157:30) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0x1a0e850 items=0 ppid=882 pid=987 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null) type=PROCTITLE msg=audit(05/13/21 14:27:51.159:31) : proctitle=iptables -F -t nat type=SYSCALL msg=audit(05/13/21 14:27:51.159:31) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0x1361720 items=0 ppid=882 pid=989 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null) type=PROCTITLE msg=audit(05/13/21 14:27:51.370:32) : proctitle=iptables -A FORWARD -p icmp –icmp-type 8 -m limit –limit 3/second -j ACCEPT type=SYSCALL msg=audit(05/13/21 14:27:51.370:32) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0x1310500 items=0 ppid=882 pid=995 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null) type=PROCTITLE msg=audit(05/13/21 14:27:51.372:33) : proctitle=iptables -A FORWARD -p tcp –syn -m limit –limit 1/s -j ACCEPT type=SYSCALL msg=audit(05/13/21 14:27:51.372:33) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x4 a1=ip a2=IPT_SO_SET_REPLACE a3=0x1239550 items=0 ppid=882 pid=1025 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/usr/sbin/xtables-multi key=(null)

You may also like