Hello,

Basically, iptables doesn't seem to be working as advertised, at least not as I've read/interpreted. Here's a session I started from a host well outside my networks:

[D:\temp\EEPRO100]ssh xtian
Last login: Sun Jun 3 18:26:57 2001 from os2.invlogic.com
Linux 2.2.18.
No mail.
[mmclagan@xtian:/home/mmclagan] $ telnet os2.invlogic.com smtp
Trying 198.182.196.9...
Connected to os2.invlogic.com.
Escape character is '^]'.
220-os2.invlogic.com Sendmail IBM OS/2 SENDMAIL VERSION 2.02/2.0 ready at Wed, 26 Dec 2001 11:58:33 -0500
220 ESMTP spoken here
quit
221 os2.invlogic.com closing connection
Connection closed by foreign host.
[mmclagan@xtian:/home/mmclagan] $

My reading of the man pages, etc. says that the following line in the /etc/sysconfig/iptables file (using RH 7.2 - the same line is in the /proc files) on router.invlogic.com:

[0:0] -A INPUT -d 198.182.196.9 -p tcp -m tcp --dport 25 -j REJECT \
      --reject-with icmp-port-unreachable

should have blocked the above session. In fact, I've got rules for 20, 21, 23 and 25 for that system and none of them is getting blocked.

I've attached the .config that I compiled the kernel with in case there's an option that I forgot to include to make this all work.

Any input will be greatly appreciated!

Michael

=======================================================================
Michael McLagan        59 E. River St, #2      V:(315)393-1202
General Manager,       Ogdensburg, NY 13669    F:(315)393-1154
Linux Online, Inc.     The first stop for Linux info on the Net
Attachment:
.config
Description: Binary data
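
Added example, not part of the original message: in netfilter the INPUT chain only sees packets addressed to the firewall host itself, while packets routed through it to another host traverse FORWARD. Assuming 198.182.196.9 is a host behind router.invlogic.com rather than one of the router's own addresses, this check reads iptables-save style rules and reports INPUT rules that can never match for that reason; the function name `audit_input_rules`, the local addresses and the second sample rule are constructed for illustration.

```shell
#!/bin/sh
# audit_input_rules "ADDR1 ADDR2 ..." < rules
#   $1    space-separated addresses configured on the firewall itself
#   stdin rules in iptables-save format (an optional [pkts:bytes] prefix is fine)
# For every INPUT rule whose -d is a single host address that is NOT local,
# print the rule rewritten for the FORWARD chain, which is the chain routed
# packets actually traverse. Network (-d a.b.c.d/nn) and negated matches are
# not evaluated and are skipped.
audit_input_rules() {
    awk -v locals="$1" '
    BEGIN {
        n = split(locals, a, " ")
        for (i = 1; i <= n; i++) is_local[a[i]] = 1
    }
    {
        chain = ""; dst = ""; negated = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            if ($i == "-d" || $i == "--destination") {
                dst = $(i + 1)
                if (i > 1 && $(i - 1) == "!") negated = 1
            }
        }
        sub(/\/32$/, "", dst)                 # a /32 is still a single host
        if (chain != "INPUT" || dst == "" || negated) next
        if (dst ~ /\// || dst == "!") next    # network or old-style negation
        if (!(dst in is_local)) {
            sub(/-A INPUT/, "-A FORWARD")     # suggested placement
            print
        }
    }'
}

# Constructed sample: the first rule is the one quoted in the message (joined
# onto one line), the second is a made-up rule for a made-up router address.
SAMPLE_RULES='[0:0] -A INPUT -d 198.182.196.9 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -d 192.0.2.1 -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed list of the router's own addresses (documentation range).
ROUTER_ADDRS="192.0.2.1 127.0.0.1"

printf '%s\n' "$SAMPLE_RULES" | audit_input_rules "$ROUTER_ADDRS"
```

On the real router the address list would come from `ip -4 addr show` (or `ifconfig`) and the rules from `iptables-save`.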