Questions to Determine

  • What iptables rules are currently active on the server?
  • Is there a DROP or REJECT rule matching traffic to the payment gateway IP or port?
  • In which chain (INPUT, OUTPUT, FORWARD) is the blocking rule?
  • What is the rule order, and does a DROP appear before an ACCEPT that should match?
  • Were nftables or firewalld rules also modified?
  • Can the server establish a TCP connection to the gateway IP on port 443 (bypassing DNS)?
  • Does strace on the connect() syscall show ETIMEDOUT or ECONNREFUSED?
  • What changes did the security team make, and were they documented?
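
To answer the chain and rule-order questions from a saved ruleset, the following added example (not part of the original page) walks `iptables-save` output in first-match order and reports which rule decides a TCP connection to the gateway. The ruleset, the address 203.0.113.10 and the function name `first_verdict` are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed iptables-save output, not from a real host. 203.0.113.10 is a
# documentation address standing in for the payment gateway IP.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 203.0.113.0/24 -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def first_verdict(save_text, chain, dst_ip, dport, table="filter"):
    """Return (position, target, rule_text, skipped) for the first rule in
    `chain` deciding a TCP packet to dst_ip:dport; position 0 means the chain
    policy applied. Rules with matches not modelled here (-o, -s, -m state,
    "!") or non-terminal targets land in `skipped` for manual review."""
    dst = ipaddress.ip_address(dst_ip)
    policy, pos, skipped, current = None, 0, [], None
    for line in save_text.splitlines():
        if line.startswith("*"):
            current = line[1:].strip()
        if current != table:
            continue
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        if not line.startswith(f"-A {chain} "):
            continue
        pos += 1  # same numbering as `iptables -L <chain> --line-numbers`
        tok, opts, unknown, i = shlex.split(line)[2:], {}, False, 0
        while i < len(tok):
            if tok[i] in ("-d", "-p", "--dport", "-m", "-j"):
                opts[tok[i]] = tok[i + 1]
                if tok[i] == "-j":
                    break  # anything after -j is a target option, not a match
                i += 2
            else:
                unknown, i = True, i + 1
        lo, _, hi = opts.get("--dport", "0:65535").partition(":")
        if unknown or opts.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            skipped.append((pos, line))
        elif (opts.get("-p", "tcp") in ("tcp", "6")
              and dst in ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"), strict=False)
              and int(lo) <= dport <= int(hi or lo)):
            return pos, opts["-j"], line, skipped
    return 0, policy, f"{chain} chain policy", skipped
```

On the constructed sample, the /24 DROP at position 2 decides the packet, so the more specific ACCEPT at position 3 is never reached.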