IPTables not working?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Mike-

Try editing /etc/sysconfig/iptables and add your rule very early in the
stack (anywhere before the rule that accepts anything destined for port
80), restart iptables, and see if that works. My guess is it's never
hitting the rule.

Sean

On Thu, 2005-08-25 at 09:50 -0700, Mike wrote:
> Hello Sean,
> 
> /etc/init.d/iptables restart
> Flushing firewall rules: [  OK  ]
> Setting chains to policy ACCEPT: filter [  OK  ]
> Unloading iptables modules: [  OK  ]
> Applying iptables firewall rules: [  OK  ]
> Loading additional iptables modules: ip_conntrack_ftp [  OK  ]
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT 
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT 
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT 
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT 
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -m tcp -p tcp --dport 20 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
> Of course, when I restart, the rule I entered with:
> iptables -A RH-Firewall-1-INPUT -s 195.225.176.0/24 -j DROP
> 
-- 
Sean O'Connell
Office of Engineering Computing         oconnell@xxxxxxxxxxxx
Jacobs School of Engineering, UCSD      858.534.9716 (49716)
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux