I figured out that my IP phone cannot connect to our external PBX. Only when I disable the univention-firewall is the connection possible. So I want to find out what the reason is.
My first step: I listed all my firewall rules, and I see that many rules may be duplicates. Can I delete them?
root@ucs002040:~# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.17.0.0/16 anywhere tcp dpt:mysql
2 ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:mysql
3 ACCEPT tcp -- 172.17.0.0/16 anywhere tcp dpt:mysql
4 ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:mysql
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 DOCKER-USER all -- anywhere anywhere
2 DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
3 DOCKER-USER all -- anywhere anywhere
4 DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
5 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
6 DOCKER all -- anywhere anywhere
7 ACCEPT all -- anywhere anywhere
8 ACCEPT all -- anywhere anywhere
9 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
10 DOCKER all -- anywhere anywhere
11 ACCEPT all -- anywhere anywhere
12 ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain DOCKER (2 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere 172.17.0.1 tcp dpt:http
2 ACCEPT tcp -- anywhere 172.17.0.1 tcp dpt:http
Chain DOCKER-ISOLATION-STAGE-1 (2 references)
num target prot opt source destination
1 DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
3 DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
4 RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
3 DROP all -- anywhere anywhere
4 RETURN all -- anywhere anywhere
Chain DOCKER-USER (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
And when I clean up: how can I log which packet is blocked? Which rule must I add?
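As an added example (not part of the original post), this sketch parses an `iptables -L --line-numbers` listing and groups rules whose printed text is identical within a chain. The sample input is a constructed excerpt of the listing above, and the function name `find_duplicates` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: excerpt of the `iptables -L --line-numbers` listing above.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.17.0.0/16 anywhere tcp dpt:mysql
2 ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:mysql
3 ACCEPT tcp -- 172.17.0.0/16 anywhere tcp dpt:mysql
4 ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:mysql
Chain DOCKER-USER (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
RULE_RE = re.compile(r"^(\d+)\s+(.*\S)\s*$")


def find_duplicates(listing):
    """Return {chain: [[rule numbers with identical printed text], ...]}."""
    seen = defaultdict(lambda: defaultdict(list))
    chain = None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        m = RULE_RE.match(line)
        if m and chain is not None:
            # Normalise whitespace so column padding does not hide matches.
            body = " ".join(m.group(2).split())
            seen[chain][body].append(int(m.group(1)))
    return {
        c: [nums for nums in rules.values() if len(nums) > 1]
        for c, rules in seen.items()
        if any(len(nums) > 1 for nums in rules.values())
    }


if __name__ == "__main__":
    for chain, groups in find_duplicates(SAMPLE).items():
        for nums in groups:
            print(f"{chain}: rules {nums} look identical")
```

Plain `iptables -L` does not print the in/out interface columns, so rules that look identical in this listing can still differ by interface. Compare the `iptables -S` or `iptables -L -v` output before treating a group as true duplicates.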