Cleanup Firewall and log all drop Packets - How can i do it

UCS - Univention Corporate Server
#1

I figure out, that my ip phone cannot connect to our external PBX. Only when i disable the univention-firewall the connections is possible. So I will find out, what is the reason.

My first step: I list all my FW-Rules - and i see, that much Rules maybe duplicates. Can I delete them?

root@ucs002040:~# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  172.17.0.0/16        anywhere             tcp dpt:mysql
2    ACCEPT     tcp  --  172.16.0.0/16        anywhere             tcp dpt:mysql
3    ACCEPT     tcp  --  172.17.0.0/16        anywhere             tcp dpt:mysql
4    ACCEPT     tcp  --  172.16.0.0/16        anywhere             tcp dpt:mysql

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    DOCKER-USER  all  --  anywhere             anywhere
2    DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
3    DOCKER-USER  all  --  anywhere             anywhere
4    DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
5    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
6    DOCKER     all  --  anywhere             anywhere
7    ACCEPT     all  --  anywhere             anywhere
8    ACCEPT     all  --  anywhere             anywhere
9    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
10   DOCKER     all  --  anywhere             anywhere
11   ACCEPT     all  --  anywhere             anywhere
12   ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain DOCKER (2 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             172.17.0.1           tcp dpt:http
2    ACCEPT     tcp  --  anywhere             172.17.0.1           tcp dpt:http

Chain DOCKER-ISOLATION-STAGE-1 (2 references)
num  target     prot opt source               destination
1    DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
2    RETURN     all  --  anywhere             anywhere
3    DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
4    RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
num  target     prot opt source               destination
1    DROP       all  --  anywhere             anywhere
2    RETURN     all  --  anywhere             anywhere
3    DROP       all  --  anywhere             anywhere
4    RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (2 references)
num  target     prot opt source               destination
1    RETURN     all  --  anywhere             anywhere
2    RETURN     all  --  anywhere             anywhere

And when I cleanup: how can i log what paket is blocket? Which Rule i must added?

Mastodon