Problem with debian sarge, iptables & state
Hi!
I copied an iptables config from a friend over to my router:
($IPT = /sbin/iptables)
$IPT -A FORWARD -s ! 111.22.22.128/25 -p tcp --dport 22 -m state --state NEW -m recent --set
$IPT -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 10 -j DROP
$IPT -A FORWARD -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
$IPT -A FORWARD -p tcp -d 111.22.22.128/25 --dport 22 -j REJECT
But it doesn't do the trick; ssh is blocked entirely.
On a machine with a 2.6.14 self-built kernel (network options not
touched at all), that works locally (with the INPUT chain, not the forward
chain).
Is the forward chain the problem here?
Cya
Lars
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel.: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
PGP-Key-ID: 0xB87A0E03
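
Added example, not part of the original post: a small Python model of how a packet walks the four FORWARD rules quoted above. It assumes those four rules are the whole chain, that every packet is TCP, and that conntrack has already labelled each packet NEW or ESTABLISHED; the class name, the addresses 198.51.100.7 and 111.22.22.130 and the timestamps are constructed for illustration.

```python
import ipaddress

SUBNET = ipaddress.ip_network("111.22.22.128/25")  # network from the post


class ForwardChain:
    """Top-to-bottom model of the four posted FORWARD rules (assumed to be all)."""

    def __init__(self):
        self.recent = {}  # source address -> timestamps kept by -m recent

    def verdict(self, now, src, dst, dport, state):
        ssh, new = dport == 22, state == "NEW"
        src_in = ipaddress.ip_address(src) in SUBNET
        dst_in = ipaddress.ip_address(dst) in SUBNET
        # Rule 1: --set has no -j target; it records the source and falls through.
        if ssh and new and not src_in:
            self.recent.setdefault(src, []).append(now)
        # Rule 2: --update --seconds 300 --hitcount 10 -j DROP
        if ssh and new:
            stamps = self.recent.get(src, [])
            if sum(1 for t in stamps if now - t <= 300) >= 10:
                stamps.append(now)  # --update records the hit when it matches
                return "DROP (rule 2)"
            # Rule 3: --state NEW matches only the first packet of a connection.
            return "ACCEPT (rule 3)"
        # Rule 4: no state match, so ESTABLISHED packets to port 22 land here.
        if ssh and dst_in:
            return "REJECT (rule 4)"
        return "chain policy"


def demo():
    fw = ForwardChain()
    client, server = "198.51.100.7", "111.22.22.130"  # constructed addresses
    out = [fw.verdict(0, client, server, 22, "NEW"),          # SYN
           fw.verdict(1, client, server, 22, "ESTABLISHED")]  # next client packet
    for t in range(2, 11):                                    # nine more new connections
        out.append(fw.verdict(t, client, server, 22, "NEW"))
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

In this model the SYN is accepted by rule 3, the next packet of the same connection reaches rule 4, and the tenth new connection from one source within 300 seconds is dropped by rule 2.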