
iptables not working on Etch AMD64



I'm trying to get iptables running on an etch machine but the rules aren't actually working for some reason. I've reduced this to a very simple example. Even if I try to just block portmap I can still connect with rpcinfo from a remote machine even though "iptables --list" shows an active rule.

iptables-up.conf (using with iptables-restore):

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp --dport 111 -j DROP
COMMIT

Output of iptables --list:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:sunrpc

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

rpcinfo and nmap of n.n.n.n (public IP):

rpcinfo -p n.n.n.n
No remote programs registered.

nmap -sU -p 111 n.n.n.n
Password:

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-19 15:23 PDT
Interesting ports on n.n.n.n:
PORT    STATE         SERVICE
111/udp open|filtered rpcbind

Nmap finished: 1 IP address (1 host up) scanned in 0.985 seconds

I've tried turning the DROP into a LOG (level debug) and don't see any logging entries either. What am I missing?
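A way to tell whether a rule like the one above is ever consulted is to compare its packet counters (`iptables -L INPUT -v -n -x`) before and after a probe: a rule that stays at zero while the chain's policy counter climbs means the traffic is reaching the chain but not matching the rule's criteria, which is a different problem from netfilter not being loaded at all. Note that the rule in the post is `-p udp` only, so a probe that talks TCP to port 111 is never matched by it. The script below is an added example, not code from the original post or from Debian; it parses the post's iptables-restore ruleset and two constructed counter snapshots, so it runs offline. On a live host the same functions would be fed the real output of `iptables-save` and `iptables -L INPUT -v -n -x`.

```python
"""Diagnostics for an iptables ruleset that appears to be ignored.

Added example (not from the mailing-list post). Works on captured command
output so it can run offline; the snapshots below are constructed.
"""
import re
import shlex

# Ruleset exactly as posted (iptables-restore format).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp --dport 111 -j DROP
COMMIT
"""

# Constructed `iptables -L INPUT -v -n -x` output before and after a probe.
# The rule counter stays at 0 while the policy counter grows by 13 packets.
BEFORE = """\
Chain INPUT (policy ACCEPT 1520 packets, 203118 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
"""
AFTER = """\
Chain INPUT (policy ACCEPT 1533 packets, 204902 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
"""


def parse_ruleset(text):
    """Return (table, chain, proto, dport, target) for every -A rule."""
    table, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A"):
            args = shlex.split(line)
            chain, proto, dport, target = args[1], None, None, None
            i = 2
            while i < len(args):
                opt = args[i]
                if opt in ("-p", "--protocol"):
                    proto, i = args[i + 1], i + 2
                elif opt in ("--dport", "--destination-port"):
                    dport, i = int(args[i + 1]), i + 2
                elif opt in ("-j", "--jump"):
                    target, i = args[i + 1], i + 2
                else:
                    i += 1
            rules.append((table, chain, proto, dport, target))
    return rules


def rules_covering(text, proto, port, chain="INPUT"):
    """Targets of filter-table rules in `chain` that match proto/port."""
    hits = []
    for table, ch, p, dp, target in parse_ruleset(text):
        if table != "filter" or ch != chain:
            continue
        if p not in (None, "all", proto):
            continue          # e.g. a udp-only rule never sees TCP
        if dp is not None and dp != port:
            continue
        hits.append(target)
    return hits


def parse_counters(text):
    """Map each rule line of `iptables -L -v -n -x` output to its packet count."""
    counts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9 or not parts[0].isdigit():
            continue      # chain header or column header line
        counts[" ".join(parts[2:])] = int(parts[0])
    return counts


def policy_packets(text):
    """Packets handled by the chain's default policy (from the header line)."""
    m = re.search(r"^Chain \S+ \(policy \S+ (\d+) packets", text, re.M)
    return int(m.group(1)) if m else 0


def counter_deltas(before, after):
    """Per-rule packet deltas, plus the policy counter delta under 'policy'."""
    b, a = parse_counters(before), parse_counters(after)
    deltas = {rule: a[rule] - b.get(rule, 0) for rule in a}
    deltas["policy"] = policy_packets(after) - policy_packets(before)
    return deltas


if __name__ == "__main__":
    print("udp/111 hits:", rules_covering(RULESET, "udp", 111))
    print("tcp/111 hits:", rules_covering(RULESET, "tcp", 111))
    for rule, delta in counter_deltas(BEFORE, AFTER).items():
        print(f"{delta:6d}  {rule}")
```

Reading the output: `tcp/111 hits: []` shows the ruleset has no rule for TCP at all, and a zero delta on the DROP rule alongside a positive policy delta says the probe packets were accepted by the chain's default policy rather than dropped. Repeating the probe with a LOG rule in place, as the post tried, and watching the same counters shows whether any packet ever matched.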
