On Thursday 03 January 2008 12:37:56 Christopher Chan wrote:
> Too bad you missed the documentation on netfilter then. It would have
> told you that the INPUT chain controls what comes to the box, the OUTPUT
> chain what originates from the box and the FORWARD chain what goes
> through the box.
>
> You would have needed a rule in FORWARD to allow ssh connections through
> the box. The rules in the INPUT and OUTPUT chains would have zero effect
> on connections going through.

It might also help if we put in rules that will log what happens, for troubleshooting.
Put these lines at the end of your rules (pls mind the word wrap):

iptables -A INPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
iptables -A OUTPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '
iptables -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '

We can now see the result in /var/log/messages

HTH,
--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org
17:14:40 up 9:52, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
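The two points made above (the ssh rule must live in FORWARD because INPUT and OUTPUT never see forwarded packets, and LOG rules placed last in each chain show what is about to hit a DROP policy) as one added worked example. This script is not from the original thread or from any CentOS documentation; the interface names, networks, the internal ssh host, the "dry-run" mode and the sample log lines are all assumptions constructed for illustration. With DRY_RUN=1 (the default) it only prints the iptables commands, so it can be read and tested without root; run it with DRY_RUN=0 on a real forwarding box.

```shell
#!/bin/sh
# Added example, not code from the original post. All interface names,
# addresses and the dry-run mode are assumptions for illustration.

DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands, 0 = apply them
WAN_IF="${WAN_IF:-eth0}"                 # assumed external interface
LAN_IF="${LAN_IF:-eth1}"                 # assumed internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # assumed internal network
SSH_HOST="${SSH_HOST:-192.168.1.10}"     # assumed internal ssh server

# Wrapper so the ruleset can be reviewed before it is applied.
# Dry-run output is unquoted, so it is for reading, not for pasting.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

build_ruleset() {
    # Default-deny on all three chains: a packet that falls off the end of
    # its chain is dropped, and that is exactly what the final LOG rules see.
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP
    ipt -F

    # Replies to already-accepted connections pass in every chain.
    ipt -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Traffic TO the box (INPUT) and FROM the box (OUTPUT).
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT  -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    ipt -A OUTPUT -p udp --dport 53 -j ACCEPT

    # Traffic THROUGH the box: the rule the original poster was missing.
    # Nothing in INPUT or OUTPUT matches a forwarded packet.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$SSH_HOST" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT

    # Last rule in each chain: log what is about to be dropped by policy.
    # The limit match keeps a port scan from flooding /var/log/messages.
    ipt -A INPUT   -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
    ipt -A OUTPUT  -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '
    ipt -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '
}

# Constructed sample of what the LOG target writes to /var/log/messages
# (kernel LOG line format; addresses are documentation ranges).
sample_log() {
    cat <<'EOF'
Jan  3 17:10:01 router kernel: ** FORWARD DROP ** IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  3 17:10:03 router kernel: ** FORWARD DROP ** IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12346 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  3 17:10:05 router kernel: ** INPUT DROP ** IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=777 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  3 17:10:06 router sshd[1234]: Accepted publickey for admin from 192.168.1.20 port 50000 ssh2
EOF
}

# Summarise LOG lines from stdin as "<count> <chain> IN=<if> <proto>/<dport>",
# so a missing FORWARD rule shows up as a pile of FORWARD drops to one port.
summarize_drops() {
    awk '
      /DROP \*\*/ {
        chain = "?"; in_if = "-"; proto = "?"; dpt = "?"
        for (i = 1; i <= NF; i++) {
          if ($i == "**" && $(i+2) == "DROP") chain = $(i+1)
          if ($i ~ /^IN=./)   in_if = substr($i, 4)
          if ($i ~ /^PROTO=/) proto = substr($i, 7)
          if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        count[chain " IN=" in_if " " proto "/" dpt]++
      }
      END { for (k in count) print count[k], k }
    ' | sort -rn
}

build_ruleset
echo "--- drop summary of sample log ---"
sample_log | summarize_drops
```

Two cautions when applying this for real: set the policies to DROP only after the ESTABLISHED and ssh rules are in place (or from a console session), or a remote admin is locked out; and the LOG rules only tell you about packets that reach the end of a chain, so a packet dropped by an earlier explicit DROP or REJECT rule never appears in /var/log/messages.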
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos