netfilter-owner@xxxxxxxxxxxxxxx <> wrote on :
> Hi, all:
>
> I am running the command "iptables -p tcp -j REJECT -A INPUT
> -i eth0 -s 13.121.8.119/32 --dport 80", to reject http access
> from the host "13.121.8.119". The command returns without any
> error message. However, I still can access the linux server from
> "13.121.8.119".
>
> Anything goes wrong here?

Is there a rule that would accept the http packet before it would hit this rule?

> Any method to debug?

Place a LOG rule identical to the REJECT rule in front of it and look in your messages log if it hits:

$ipt -A INPUT -i eth0 -s 13.121.8.119 -p tcp --dport 80 -j LOG \
    --log-level info --log-prefix "IPT: TEST: "
$ipt -A INPUT -i eth0 -s 13.121.8.119 -p tcp --dport 80 -j REJECT

If it doesn't hit, either the rule is incorrect (for what you want it to do) or another rule has already accepted the packet.

Grts,
Rob
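The ordering point in the reply (a rule earlier in INPUT accepting the packet before the appended REJECT is ever reached) can be checked offline against a saved `iptables -S INPUT` dump. The following is an added example, not code from the thread: it walks a constructed chain dump in rule order for a described packet and reports which rules it hits; the sample chain, the packet fields and the small set of modelled match options (-i, -s, -p, --dport, --state) are assumptions, and negated matches are not handled.

```python
import ipaddress
import shlex
# Constructed sample of `iptables -S INPUT` output (not from the poster's box):
# a broader ACCEPT for port 80 sits ahead of the LOG/REJECT pair from the reply.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -s 13.121.8.119/32 -p tcp -m tcp --dport 80 -j LOG --log-prefix "IPT: TEST: " --log-level 6
-A INPUT -i eth0 -s 13.121.8.119/32 -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
"""
TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG is non-terminating: the walk continues
CHECKS = {  # match option -> predicate(option value, packet); an absent option is a wildcard
    "-i": lambda v, p: v == p["iface"],
    "-p": lambda v, p: v == p["proto"],
    "--dport": lambda v, p: int(v) == p["dport"],
    "--state": lambda v, p: p["state"] in v.split(","),
    "-s": lambda v, p: ipaddress.ip_address(p["src"]) in ipaddress.ip_network(v, strict=False),
}

def parse_rule(line):
    """Reduce one `-A CHAIN ...` line to its modelled match options and jump target."""
    toks = shlex.split(line)  # shlex keeps the quoted --log-prefix string in one token
    rule = {"target": None, "match": {}}
    for i, tok in enumerate(toks[:-1]):  # unmodelled options (-A, -m, --log-*) are skipped
        if tok == "-j":
            rule["target"] = toks[i + 1]
        elif tok in CHECKS:
            rule["match"][tok] = toks[i + 1]
    return rule

def rule_matches(rule, pkt):
    """A rule matches when every option it carries agrees with the packet."""
    return all(CHECKS[opt](val, pkt) for opt, val in rule["match"].items())

def trace(chain_dump, pkt):
    """Walk the chain top to bottom like the kernel; return (rule number, target) pairs hit."""
    hits, policy, num = [], None, 0
    for line in chain_dump.splitlines():
        if line.startswith("-P "):
            policy = line.split()[2]
            continue
        num += 1
        rule = parse_rule(line)
        if rule_matches(rule, pkt):
            hits.append((num, rule["target"]))
            if rule["target"] in TERMINATING:  # first terminating target decides the verdict
                return hits
    return hits + [("policy", policy)]  # nothing terminated: the chain policy applies
```

For a new connection from 13.121.8.119 to port 80 the walk stops at rule 2 (ACCEPT), so rules 3 and 4 are never consulted and the LOG line never appears; delete or reorder rule 2 and the same packet hits LOG and then REJECT.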