Re: Confirming an iptables rule
Hi Guys,
On Mon, Aug 19, 2002 at 08:23:08AM +0200, Frederik Schueler wrote:
> I'm surprised -i accepted an IP address.
You were both right about that, '-i' doesn't accept an IP address.
I have tried both these methods and I'm still able to connect to a
remote host on port 27374 (using netcat). I'm currently using this:

    iptables -A FORWARD -p TCP -i ${INSIDE_INTERFACE} --dport 27374 -j DROP
    iptables -A FORWARD -p UDP -i ${INSIDE_INTERFACE} --dport 27374 -j DROP

Unfortunately it is still allowing these packets through. I'm concerned
that these rules

    iptables -A FORWARD -m state --state NEW -i ${INSIDE_DEVICE} -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state NEW,INVALID -i ${OUTSIDE_DEVICE} -j DROP

... are overriding the dropping rules, can anyone confirm or deny this?

Regards,
Lucas
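
The ordering question raised above, as an added example that is not part of the original message: a small Python model of first-match chain traversal, run over the five posted rules in both possible orders. The order of the rules in the poster's script is not shown, so both orders are assumptions, and the interface names and the sample packet are constructed.

```python
# Added illustration: a minimal model of how netfilter walks one chain.
# Rules are checked top to bottom; the first rule whose matches all apply
# decides the packet's fate (ACCEPT and DROP are terminating targets).
# "iptables -A" appends, so the script's line order is the chain order.

def first_match(chain, pkt, policy="ACCEPT"):
    """Return (verdict, index of deciding rule, or None if policy applied)."""
    for idx, (match, target) in enumerate(chain):
        if all(pkt.get(field) in allowed for field, allowed in match.items()):
            return target, idx
    return policy, None

# The five rules from the message as match dicts. "inside"/"outside" are
# constructed placeholders for ${INSIDE_*} and ${OUTSIDE_DEVICE}.
DROP_RULES = [
    ({"proto": {"tcp"}, "in": {"inside"}, "dport": {27374}}, "DROP"),
    ({"proto": {"udp"}, "in": {"inside"}, "dport": {27374}}, "DROP"),
]
STATE_RULES = [
    ({"state": {"NEW"}, "in": {"inside"}}, "ACCEPT"),
    ({"state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
    ({"state": {"NEW", "INVALID"}, "in": {"outside"}}, "DROP"),
]

# Constructed packet: the first SYN of the netcat connection to port 27374.
SYN = {"proto": "tcp", "in": "inside", "dport": 27374, "state": "NEW"}

def verdicts():
    # Assumed order 1: state rules appended before the port DROP rules.
    accepts_first = first_match(STATE_RULES + DROP_RULES, SYN)
    # Assumed order 2: port DROP rules appended before the state rules.
    drops_first = first_match(DROP_RULES + STATE_RULES, SYN)
    return accepts_first, drops_first

if __name__ == "__main__":
    labels = ("state rules first", "DROP rules first")
    for label, (verdict, idx) in zip(labels, verdicts()):
        print(f"{label}: {verdict}, decided by rule #{idx + 1}")
```

On a live system, `iptables -L FORWARD -n -v --line-numbers` shows the actual rule order and per-rule packet counters, which tells you which rule is matching the traffic.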