iptables not working on Etch AMD64 (same rule works on Sarge i686)
I'm trying to get iptables running on an etch machine but the rules
aren't actually working for some reason. I've reduced this to a very
simple example. Even if I try to just block portmap I can still connect
with rpcinfo from a remote machine even though "iptables --list" shows
an active rule.
iptables-up.conf (used with iptables-restore):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp --dport 111 -j DROP
COMMIT
Output of iptables --list:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere             udp dpt:sunrpc

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
rpcinfo and nmap of n.n.n.n (public IP):
rpcinfo -p n.n.n.n
No remote programs registered.
nmap -sU -p 111 n.n.n.n
Password:
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-19 15:23 PDT
Interesting ports on n.n.n.n:
PORT STATE SERVICE
111/udp open|filtered rpcbind
Nmap finished: 1 IP address (1 host up) scanned in 0.985 seconds
I've tried turning the DROP into a LOG (level debug) and don't see any logging entries either. What am I missing?
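The check a practitioner would want here, as an added example that is not part of the original post: `iptables --list` shows only that the rule exists, not whether any packet has matched it, so the question "is the rule working?" is answered by the per-rule packet counters (`iptables -L INPUT -v -n -x`) read before and after a probe. The script below parses that verbose listing for the udp/111 rule, and `live_check` probes the portmapper (RPC program 100000, version 2) over UDP and over TCP with `rpcinfo -u` and `rpcinfo -t`, which pick the transport explicitly (`rpcinfo -p` reaches the portmapper over TCP by default, so it cannot exercise a UDP-only DROP). The counter listing embedded in `SAMPLE_COUNTERS` is constructed for the example, not captured from the poster's machine; `live_check` assumes it runs as root on the firewalled host and that `rpcinfo` and `iptables` are in PATH.

```shell
#!/bin/sh
# Added example: verify an iptables DROP rule by its packet counters instead of
# trusting "iptables --list". Not code from the original post.

# Constructed sample of `iptables -L INPUT -v -n -x` output. In this sample the
# udp/111 rule has never matched, while a tcp/111 rule has seen 12 packets.
SAMPLE_COUNTERS='Chain INPUT (policy ACCEPT 1523 packets, 182904 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
      12        720 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111'

# rule_pkts <listing> <proto> <dport>
# Print the packet counter of the first rule in a verbose (-v -n -x) listing
# whose protocol column is <proto> and whose last field is "dpt:<dport>";
# print "none" if no such rule exists. Only counter lines start with a number.
rule_pkts() {
    printf '%s\n' "$1" | awk -v proto="$2" -v dport="$3" '
        $1 ~ /^[0-9]+$/ && $4 == proto && $NF == ("dpt:" dport) {
            print $1; found = 1; exit
        }
        END { if (!found) print "none" }'
}

# rule_matched <before> <after>
# "yes" if the counter moved between the two snapshots, "no" if it did not,
# "unknown" if the rule was not found in one of the listings.
rule_matched() {
    case "$1$2" in
        *none*) echo unknown; return ;;
    esac
    if [ "$2" -gt "$1" ]; then echo yes; else echo no; fi
}

# live_check <ip>
# Run as root on the firewalled host (assumption). Snapshots the udp/111 DROP
# counter, talks to the portmapper at <ip> over UDP and then over TCP, and
# reports whether the UDP probe was counted by the DROP rule.
live_check() {
    before=$(rule_pkts "$(iptables -L INPUT -v -n -x)" udp 111)
    rpcinfo -u "$1" 100000 2 || echo "UDP probe got no answer (expected if the DROP rule matches)"
    rpcinfo -t "$1" 100000 2 || echo "TCP probe got no answer"
    after=$(rule_pkts "$(iptables -L INPUT -v -n -x)" udp 111)
    echo "udp/111 DROP counter: $before -> $after (matched: $(rule_matched "$before" "$after"))"
}
```

Probing from the same box works because packets sent to one of the host's own addresses still traverse INPUT, but the faithful reproduction of the post is to run the two `rpcinfo` calls from the remote machine and read the counters on the firewall. If the UDP counter stays at zero while the remote UDP probe still gets an answer, the packet is not reaching this rule at all (wrong table, wrong interface, or a rule earlier in the chain accepting it), and `iptables -t raw -L -v -n` and `iptables -t nat -L -v -n` are the next places to look.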