Iptables problem: cannot reach web UI after saving firewall rules

I installed on Ubuntu 20.04 with no errors. I checked iptables and I saw that some rules, like DNS port 53, don’t exist.

Here is iptables after install:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -j RETURN

I went to the server / firewall section in the Hestia CP web UI, clicked on DNS and saved it without changing anything.

Here is iptables after saving:

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N hestia
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -s x.x.x.x/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -s 104.248.201.238/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN

After saving the iptables DNS rule in the firewall section, the web UI became unreachable, but I can SSH into the server. It’s strange because there is a rule which permits port 8083, which is -A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT.

Even the apt update command fails with the iptables rules above:

Err:1 http://it.archive.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving ‘it.archive.ubuntu.com
Err:2 http://ppa.launchpad.net/ondrej/apache2/ubuntu focal InRelease
Temporary failure resolving ‘ppa.launchpad.net
Err:3 https://apt.hestiacp.com focal InRelease
Temporary failure resolving ‘apt.hestiacp.com
Err:4 https://mirror.mva-n.net/mariadb/repo/10.5/ubuntu focal InRelease
Temporary failure resolving ‘mirror.mva-n.net
Err:5 https://nginx.org/packages/mainline/ubuntu focal InRelease
Temporary failure resolving ‘nginx.org
Err:6 http://it.archive.ubuntu.com/ubuntu focal-updates InRelease
Temporary failure resolving ‘it.archive.ubuntu.com
Err:7 http://ppa.launchpad.net/ondrej/php/ubuntu focal InRelease
Temporary failure resolving ‘ppa.launchpad.net
Err:8 http://it.archive.ubuntu.com/ubuntu focal-backports InRelease
Temporary failure resolving ‘it.archive.ubuntu.com

When I reboot the server, iptables goes back to the listing below, the web UI is reachable, and the apt update command succeeds:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -j RETURN

There is something wrong but I couldn’t figure it out.

Hmm, is it an OpenVZ VPS?

It is Aruba. On 16.04 I was using Vesta; it was working without problems, but I was stuck at the PHP version, so I decided to jump to Ubuntu 20.04.
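
An added example, not part of the thread and not HestiaCP's own code: a small evaluator for `iptables -S` output that walks the INPUT rules of the "after save" listing and shows that, as listed, new connections to port 8083 are accepted while replies to the server's own DNS queries fall through to the DROP policy, because no rule accepts ESTABLISHED traffic. The sample is abridged from the listing, the source address 203.0.113.9 is constructed, and jumps into the fail2ban chains are assumed to RETURN.

```python
import shlex

# Constructed sample: INPUT rules abridged from the "after save" listing.
AFTER_SAVE = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
"""

def parse(text):
    """Return (INPUT policy, INPUT rules as {option: value} dicts)."""
    policy, rules = "ACCEPT", []
    for tok in map(shlex.split, text.splitlines()):
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))  # options come in pairs
    return policy, rules

def port_ok(spec, port):
    """Match a port against '53' or a multiport list like '21,12000:12100'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(policy, rules, proto, dport, src="203.0.113.9", state="NEW"):
    """First matching terminal rule wins; otherwise the chain policy applies."""
    for r in rules:
        ports = r.get("--dport") or r.get("--dports")
        states = r.get("--ctstate") or r.get("--state")
        if (r["-j"] not in ("ACCEPT", "DROP", "REJECT")  # assumed: fail2ban chain RETURNs
                or r.get("-p", proto) != proto
                or r.get("-s", src).split("/")[0] != src  # /32 sources only
                or (ports and not port_ok(ports, dport))
                or (states and state not in states.split(","))):
            continue
        return r["-j"]
    return policy

if __name__ == "__main__":
    policy, rules = parse(AFTER_SAVE)
    print("new tcp/8083        ->", verdict(policy, rules, "tcp", 8083))
    print("DNS reply udp/40000 ->", verdict(policy, rules, "udp", 40000, state="ESTABLISHED"))
```

Appending a line such as `-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` to the sample changes the second verdict to ACCEPT.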