"Fail2ban + firewalld Centos7"
Forum: Open systems on the server (Firewall, Packet filtering / Linux)
Original message

"Fail2ban + firewalld Centos7"
Message from Роман (??) on 12-Jun-15, 10:55
Good day!

The problem is this: Fail2ban sees the attempts and writes that it is banning, but no actual blocking happens.
There is nothing problematic in the logs.

Maybe something needs to be configured in firewalld?

I'm only just starting to figure it out.

Please advise where to dig.

[root@1 ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     10
|  `- File list:        /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned:     3
   `- Banned IP list:   192.168.1.2


1. "Fail2ban + firewalld Centos7"
Message from stalker37 on 13-Jun-15, 12:26
To start with, look at the output of iptables -L or, better, iptables-save -c
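The check stalker37 suggests, turned into a script, as an added example that is not part of the thread: it cross-references the "Banned IP list" from fail2ban-client status against the live ruleset from iptables-save -c and reports bans that exist only in fail2ban's own bookkeeping. Both inputs are passed as strings so it runs offline; the status text and the two rulesets below are constructed for this example (the "broken" one mirrors the poster's firewalld chains with no fail2ban hook, the "healthy" one assumes the stock iptables-multiport action, whose f2b-sshd chain name is fail2ban 0.9's convention). On a real host substitute the actual command output as shown in the last comment.

```shell
#!/bin/sh
# Added example, not from the thread: cross-check what fail2ban *says* it banned
# against what the kernel ruleset actually contains.  Two text inputs:
#   - the output of `fail2ban-client status <jail>`
#   - the output of `iptables-save -c`

# Print the IPs listed after "Banned IP list:" in fail2ban-client output, one per line.
banned_ips() {
    printf '%s\n' "$1" | sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr ' ' '\n' | sed '/^$/d'
}

# Return 0 if some fail2ban chain (f2b-* in 0.9+, fail2ban-* in 0.8) is jumped to
# from INPUT or from firewalld's INPUT_direct chain; 1 if fail2ban never hooked in.
f2b_chain_hooked() {
    printf '%s\n' "$1" | grep -Eq -- '-A (INPUT|INPUT_direct) .*-j (f2b|fail2ban)-'
}

# Return 0 if $2 (an IPv4 address) is the source of a REJECT/DROP rule in ruleset $1.
# iptables-save prints the mask explicitly, so accept both "a.b.c.d" and "a.b.c.d/32".
ip_is_blocked() {
    printf '%s\n' "$1" | grep -E -- "-s ${2}(/32)? " | grep -Eq -- '-j (REJECT|DROP)'
}

# For one jail, report every banned IP that has no matching rule.  Returns 0 when the
# jail is hooked and every banned IP is enforced, 1 otherwise.
verify_jail() {
    status="$1"; rules="$2"; rc=0
    if ! f2b_chain_hooked "$rules"; then
        echo "no f2b-/fail2ban- chain is referenced from INPUT: bans cannot take effect"
        rc=1
    fi
    for ip in $(banned_ips "$status"); do
        if ip_is_blocked "$rules" "$ip"; then
            echo "OK      $ip is blocked"
        else
            echo "MISSING $ip is reported banned but has no REJECT/DROP rule"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: what the poster sees (ban reported, nothing installed).
STATUS_BROKEN='Status for the jail: sshd
`- Actions
   |- Currently banned: 1
   `- Banned IP list:   192.168.1.2'
RULES_BROKEN='*filter
[60005:8259945] -A INPUT -j INPUT_direct
[60005:8259945] -A INPUT -j INPUT_ZONES
[23765:2972340] -A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample: a healthy jail using the plain iptables-multiport action.
RULES_OK='*filter
:f2b-sshd - [0:0]
[60005:8259945] -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
[3:180] -A f2b-sshd -s 192.168.1.2/32 -j REJECT --reject-with icmp-port-unreachable
[60002:8259765] -A f2b-sshd -j RETURN
COMMIT'

verify_jail "$STATUS_BROKEN" "$RULES_BROKEN" || echo "exit status $?"   # MISSING, 1
echo "---"
verify_jail "$STATUS_BROKEN" "$RULES_OK" || echo "exit status $?"       # OK, 0

# On a live host:
#   verify_jail "$(fail2ban-client status sshd)" "$(iptables-save -c)"
```

The first case is exactly the thread's symptom: fail2ban's database holds a ban, but nothing in the filter table references a fail2ban chain, so the poster's iptables-save output above is already the answer to "is it really blocking".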

2. "Fail2ban + firewalld Centos7"
Message from Роман (??) on 15-Jun-15, 05:39
> To start with, look at the output of iptables -L or, better, iptables-save -c

# iptables-save -c
# Generated by iptables-save v1.4.21 on Mon Jun 15 08:31:24 2015
*nat
:PREROUTING ACCEPT [38453:4777821]
:INPUT ACCEPT [10618:1587980]
:OUTPUT ACCEPT [160069:11442753]
:POSTROUTING ACCEPT [160069:11442753]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
[38453:4777821] -A PREROUTING -j PREROUTING_direct
[38453:4777821] -A PREROUTING -j PREROUTING_ZONES_SOURCE
[38453:4777821] -A PREROUTING -j PREROUTING_ZONES
[160069:11442753] -A OUTPUT -j OUTPUT_direct
[160069:11442753] -A POSTROUTING -j POSTROUTING_direct
[160069:11442753] -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
[160069:11442753] -A POSTROUTING -j POSTROUTING_ZONES
[160069:11442753] -A POSTROUTING_ZONES -g POST_public
[160069:11442753] -A POST_public -j POST_public_log
[160069:11442753] -A POST_public -j POST_public_deny
[160069:11442753] -A POST_public -j POST_public_allow
[38453:4777821] -A PREROUTING_ZONES -g PRE_public
[38453:4777821] -A PRE_public -j PRE_public_log
[38453:4777821] -A PRE_public -j PRE_public_deny
[38453:4777821] -A PRE_public -j PRE_public_allow
COMMIT
# Completed on Mon Jun 15 08:31:24 2015
# Generated by iptables-save v1.4.21 on Mon Jun 15 08:31:24 2015
*mangle
:PREROUTING ACCEPT [1116640:505751673]
:INPUT ACCEPT [1112164:505507709]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1083117:192573199]
:POSTROUTING ACCEPT [1090267:194248813]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
[1116640:505751673] -A PREROUTING -j PREROUTING_direct
[1116640:505751673] -A PREROUTING -j PREROUTING_ZONES_SOURCE
[1116640:505751673] -A PREROUTING -j PREROUTING_ZONES
[1112164:505507709] -A INPUT -j INPUT_direct
[0:0] -A FORWARD -j FORWARD_direct
[1083117:192573199] -A OUTPUT -j OUTPUT_direct
[1090267:194248813] -A POSTROUTING -j POSTROUTING_direct
[1116640:505751673] -A PREROUTING_ZONES -g PRE_public
[1116640:505751673] -A PRE_public -j PRE_public_log
[1116640:505751673] -A PRE_public -j PRE_public_deny
[1116640:505751673] -A PRE_public -j PRE_public_allow
COMMIT
# Completed on Mon Jun 15 08:31:24 2015
# Generated by iptables-save v1.4.21 on Mon Jun 15 08:31:24 2015
*security
:INPUT ACCEPT [1088400:502535856]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1083117:192573199]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
[1088400:502535856] -A INPUT -j INPUT_direct
[0:0] -A FORWARD -j FORWARD_direct
[1083117:192573199] -A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Mon Jun 15 08:31:24 2015
# Generated by iptables-save v1.4.21 on Mon Jun 15 08:31:24 2015
*raw
:PREROUTING ACCEPT [1116641:505752160]
:OUTPUT ACCEPT [1083118:192573714]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
[1116641:505752160] -A PREROUTING -j PREROUTING_direct
[1083118:192573714] -A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Mon Jun 15 08:31:24 2015
# Generated by iptables-save v1.4.21 on Mon Jun 15 08:31:24 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1083117:192573199]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_IN_ZONES_SOURCE - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_OUT_ZONES_SOURCE - [0:0]
:FORWARD_direct - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:OUTPUT_direct - [0:0]
[1049765:496988215] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[2395:260036] -A INPUT -i lo -j ACCEPT
[60005:8259945] -A INPUT -j INPUT_direct
[60005:8259945] -A INPUT -j INPUT_ZONES_SOURCE
[60005:8259945] -A INPUT -j INPUT_ZONES
[6869:402874] -A INPUT -p icmp -j ACCEPT
[23765:2972340] -A INPUT -j REJECT --reject-with icmp-host-prohibited
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i lo -j ACCEPT
[0:0] -A FORWARD -j FORWARD_direct
[0:0] -A FORWARD -j FORWARD_IN_ZONES_SOURCE
[0:0] -A FORWARD -j FORWARD_IN_ZONES
[0:0] -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
[0:0] -A FORWARD -j FORWARD_OUT_ZONES
[0:0] -A FORWARD -p icmp -j ACCEPT
[0:0] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
[1083118:192573714] -A OUTPUT -j OUTPUT_direct
[0:0] -A FORWARD_IN_ZONES -g FWDI_public
[0:0] -A FORWARD_OUT_ZONES -g FWDO_public
[0:0] -A FWDI_public -j FWDI_public_log
[0:0] -A FWDI_public -j FWDI_public_deny
[0:0] -A FWDI_public -j FWDI_public_allow
[0:0] -A FWDO_public -j FWDO_public_log
[0:0] -A FWDO_public -j FWDO_public_deny
[0:0] -A FWDO_public -j FWDO_public_allow
[60004:8259458] -A INPUT_ZONES -g IN_public
[60004:8259458] -A IN_public -j IN_public_log
[60004:8259458] -A IN_public -j IN_public_deny
[60004:8259458] -A IN_public -j IN_public_allow
[0:0] -A IN_public_allow -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
[12331:993120] -A IN_public_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
[13254:3127822] -A IN_public_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
[34:1632] -A IN_public_allow -p tcp -m tcp --dport 139 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_public_allow -p tcp -m tcp --dport 445 -m conntrack --ctstate NEW -j ACCEPT
[138:7992] -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
[140:8088] -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_public_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_public_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_public_allow -p tcp -m tcp --dport 5001 -m conntrack --ctstate NEW -j ACCEPT
[41:3047] -A IN_public_allow -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT
[3433:743030] -A IN_public_allow -p udp -m udp --dport 162 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Mon Jun 15 08:31:24 2015


But aren't firewalld and iptables different things?
In iptables it used to look like this, and everything was clear:

# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-FTP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-BadBots (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-FTP (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-PBX-GUI (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-SIP (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0


3. "Fail2ban + firewalld Centos7"
Message from Анонс on 15-Jun-15, 09:58
fail2ban does not work with firewalld.

4. "Fail2ban + firewalld Centos7"
Message from Khariton (ok) on 25-Jun-15, 17:30
> fail2ban does not work with firewalld.

Then don't ban via iptables, ban via tcp wrappers (fail2ban can do that). It isn't suitable for every piece of software, but for ssh it works...

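Khariton's suggestion carried out, as an added example rather than anything posted in the thread: a jail override that switches the sshd jail to fail2ban's stock hostsdeny action, which appends "daemon: ip" lines to /etc/hosts.deny instead of installing packet-filter rules, so the ban no longer depends on who owns the iptables ruleset. The helper that decides whether hosts.deny denies a given daemon/IP pair, the file name sshd-hostsdeny.local and the sample hosts.deny contents are this example's own choices; the libwrap check assumes sshd is on PATH or at /usr/sbin/sshd. The caveat from the post applies: only daemons linked against libwrap honour hosts.deny, which is why the check is there.

```shell
#!/bin/sh
# Added example, not from the thread: move the sshd jail from the iptables ban action
# to fail2ban's hostsdeny action.  hostsdeny writes "<daemon_list>: <ip>" lines to
# /etc/hosts.deny, so the ban is enforced by libwrap inside the daemon itself and
# works regardless of whether firewalld owns the iptables ruleset (CentOS 7).

# Drop a jail override into $1 (normally /etc/fail2ban/jail.d; fail2ban also reads
# jail.d/*.local).  The directory is a parameter so the function can be exercised
# against a scratch directory.
write_sshd_hostsdeny_jail() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/sshd-hostsdeny.local" <<'EOF'
[sshd]
enabled   = true
# hostsdeny: record bans in /etc/hosts.deny instead of iptables rules
banaction = hostsdeny
EOF
}

# Return 0 if hosts.deny file $1 denies client $3 for daemon $2 (or for ALL).
# Client lists in hosts.deny are space- or comma-separated, hence the delimiters.
hosts_deny_blocks() {
    file="$1"; daemon="$2"; ip="$3"
    grep -Eq "^[[:space:]]*(ALL|$daemon)[[:space:]]*:(.*[[:space:],])?$ip([[:space:],]|$)" "$file"
}

# hosts.deny is only consulted by daemons linked against libwrap; return 0 if sshd is.
sshd_uses_libwrap() {
    bin=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    ldd "$bin" 2>/dev/null | grep -q libwrap
}

# Demo against a scratch directory with a constructed hosts.deny.
demo=$(mktemp -d)
write_sshd_hostsdeny_jail "$demo"
cat "$demo/sshd-hostsdeny.local"
printf 'sshd: 192.168.1.2\nALL: 10.0.0.1, 10.0.0.2\n' > "$demo/hosts.deny"
for ip in 192.168.1.2 10.0.0.2 192.168.1.20; do
    if hosts_deny_blocks "$demo/hosts.deny" sshd "$ip"; then
        echo "denied  $ip"
    else
        echo "allowed $ip"
    fi
done
rm -rf "$demo"
if sshd_uses_libwrap; then
    echo "sshd links libwrap: hosts.deny bans will be honoured"
else
    echo "sshd does not link libwrap (or is not installed): hosts.deny bans would be ignored"
fi

# On the real host: write_sshd_hostsdeny_jail /etc/fail2ban/jail.d, confirm
# sshd_uses_libwrap, then `fail2ban-client reload`, `fail2ban-client set sshd banip <ip>`
# and `grep <ip> /etc/hosts.deny` to see the ban land.
```

The deliberate near-miss 192.168.1.20 in the demo shows why the delimiter anchoring in hosts_deny_blocks matters: a bare substring match would report it as denied when hosts.deny only names 192.168.1.2.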
