iptables -L odd chain allow including Amazon ec2
Hello.
I hope everyone is safe and healthy.
On my cpanel running ConfigServer when I issue command iptables -L, I see the following and wondering why they are there. Other entries seem normal:
Chain ALLOWIN (1 references)
target prot opt source destination
ACCEPT tcp -- ec2-34-254-37-129.eu-west-1.compute.amazonaws.com anywhere tcp dpt:pcsync-https
ACCEPT tcp -- ec2-34-254-37-129.eu-west-1.compute.amazonaws.com anywhere tcp dpt:https
ACCEPT tcp -- ec2-34-254-37-129.eu-west-1.compute.amazonaws.com anywhere tcp dpt:http
ACCEPT tcp -- ec2-52-213-169-7.eu-west-1.compute.amazonaws.com anywhere tcp dpt:pcsync-https
ACCEPT tcp -- ec2-52-213-169-7.eu-west-1.compute.amazonaws.com anywhere tcp dpt:https
ACCEPT tcp -- ec2-52-213-169-7.eu-west-1.compute.amazonaws.com anywhere tcp dpt:http
ACCEPT tcp -- ec2-52-51-23-204.eu-west-1.compute.amazonaws.com anywhere tcp dpt:pcsync-https
ACCEPT tcp -- ec2-52-51-23-204.eu-west-1.compute.amazonaws.com anywhere tcp dpt:https
ACCEPT tcp -- ec2-52-51-23-204.eu-west-1.compute.amazonaws.com anywhere tcp dpt:http
ACCEPT tcp -- no-dns-yet.ccanet.co.uk anywhere tcp dpt:domain
ACCEPT tcp -- no-dns-yet.ccanet.co.uk anywhere tcp dpt:https
ACCEPT tcp -- no-dns-yet.ccanet.co.uk anywhere tcp dpt:http
ACCEPT tcp -- no-dns-yet.ccanet.co.uk anywhere tcp dpt:domain
ACCEPT tcp -- no-dns-yet.ccanet.co.uk anywhere tcp dpt:https
ACCEPT tcp -- no-dns-yet.ccanet.co.uk anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere match-set chain_ALLOW src
-
I think those are in /etc/csf/cpanel.allow 0 -
Ah, yes. I wouldn't have guessed that cpanel access would be originating from an Amazon ip address. . . 0 -
SOLVED: cpanel uses Amazon ip addresses for access, I discovered. Unfortunately, a lot of bad ip's associated with Amazon I'm getting scanned by them all the time. 0 -
I'm happy to hear this was resolved! 0
Please sign in to leave a comment.
Comments
4 comments