[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Firewall/iptables question

Hi all,

I'm attempting to set up a simple firewall on a virtual server. I have
the following:

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -i venet0 --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i venet0 --source m.y.i.p --dport 80 -m
state --state NEW -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j REJECT

(And iptables -L shows that this setup has been accepted.)

This was supposed to only allow my box (or at least my public IP)
access to port 80 on this server. I can not access port 80 at all,
however. (Please note that without --source it works as expected.)

What am I doing wrong?

On a related note, the logging only logs the packet, but no timestamp.
Is that configurable somewhere?


Reply to: