Re: Confirming an iptables rule
Hey Guys,
Just to clear up, I placed the DROP rules above the state ACCEPT rules
in my firewall script and now it seems to be working. This is
interesting, I think.
Thanks for your help anyway, guys, and if you can explain to me why this
is, I'd appreciate it.
Regards,
Lucas
On Mon, Aug 19, 2002 at 04:41:59PM +1000, Lucas Barbuto wrote:
> Hi Guys,
>
> On Mon, Aug 19, 2002 at 08:23:08AM +0200, Frederik Schueler wrote:
> > I'm surprised -i accepted an IP address.
>
> You were both right about that, '-i' doesn't accept an IP address.
>
> I have tried both these methods and I'm still able to connect to a
> remote host on port 27374 (using netcat). I'm currently using this:
>
> iptables -A FORWARD -p TCP -i ${INSIDE_INTERFACE} --dport 27374 -j DROP
> iptables -A FORWARD -p UDP -i ${INSIDE_INTERFACE} --dport 27374 -j DROP
>
> Unfortunately it is still allowing these packets through. I'm concerned
> that these rules
>
> iptables -A FORWARD -m state --state NEW -i ${INSIDE_DEVICE} -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state NEW,INVALID -i ${OUTSIDE_DEVICE} -j DROP
>
> ... are overriding the dropping rules; can anyone confirm or deny this?
>
> Regards,
>
> Lucas
>
>
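As an added illustration (not code from the thread), the following Python simulates how netfilter walks the FORWARD chain: rules are checked top to bottom and the first matching rule with a terminating target decides, so a `--state NEW` ACCEPT placed above the port-27374 DROP rules lets the netcat connection through before the DROP rules are ever reached. Interface names and packets are constructed, and it assumes ${INSIDE_INTERFACE} and ${INSIDE_DEVICE} name the same interface.

```python
# Added example: simulate first-match-wins traversal of an iptables FORWARD
# chain using the rules quoted in the thread. Interface names and packets are
# constructed sample values, not captured traffic.

INSIDE = "eth1"   # assumed value of ${INSIDE_INTERFACE} / ${INSIDE_DEVICE}
OUTSIDE = "eth0"  # assumed value of ${OUTSIDE_DEVICE}

def rule(target, proto=None, in_iface=None, dport=None, states=None):
    """One FORWARD rule; None means 'any' for that match criterion."""
    return {"target": target, "proto": proto, "in": in_iface,
            "dport": dport, "states": states}

def matches(r, pkt):
    return ((r["proto"] is None or r["proto"] == pkt["proto"]) and
            (r["in"] is None or r["in"] == pkt["in"]) and
            (r["dport"] is None or r["dport"] == pkt["dport"]) and
            (r["states"] is None or pkt["state"] in r["states"]))

def forward(chain, pkt, policy="DROP"):
    """Walk the chain top to bottom; the first matching rule decides."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy  # nothing matched: the chain policy applies

DROP_27374 = [
    rule("DROP", proto="tcp", in_iface=INSIDE, dport=27374),
    rule("DROP", proto="udp", in_iface=INSIDE, dport=27374),
]
STATE_RULES = [
    rule("ACCEPT", in_iface=INSIDE, states={"NEW"}),
    rule("ACCEPT", states={"ESTABLISHED", "RELATED"}),
    rule("DROP", in_iface=OUTSIDE, states={"NEW", "INVALID"}),
]

ORIGINAL_ORDER = STATE_RULES + DROP_27374  # DROP rules appended after ACCEPT
FIXED_ORDER = DROP_27374 + STATE_RULES     # DROP rules placed above ACCEPT

# Constructed packets: a new TCP connection from the LAN to port 27374
# (the netcat test) and an ordinary new connection to port 80.
NC_SYN = {"proto": "tcp", "in": INSIDE, "dport": 27374, "state": "NEW"}
WEB_SYN = {"proto": "tcp", "in": INSIDE, "dport": 80, "state": "NEW"}

if __name__ == "__main__":
    print("original order:", forward(ORIGINAL_ORDER, NC_SYN))  # ACCEPT
    print("fixed order:   ", forward(FIXED_ORDER, NC_SYN))     # DROP
    print("port 80, fixed:", forward(FIXED_ORDER, WEB_SYN))    # ACCEPT
```

The same traversal order is why `iptables -L FORWARD -n -v --line-numbers` is worth checking after a script change: the packet counters show which rule actually consumed the traffic.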