
Problem with debian sarge, iptables & state


I copied an iptables config from a friend over to my router:
($IPT = /sbin/iptables)

$IPT -A FORWARD -s ! -p tcp --dport 22 -m state --state NEW -m recent --set
$IPT -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 10 -j DROP
$IPT -A FORWARD -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
$IPT -A FORWARD -p tcp -d --dport 22 -j REJECT

But it doesn't do the trick; ssh is blocked entirely.
On a machine with a 2.6.14 self-built kernel (network options not touched at all), that works locally (with the INPUT chain, not the forward chain).
Is the forward chain the problem here?

TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel.: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
PGP-Key-ID: 0xB87A0E03
