Hi!
I'm using the drop policy for iptables using the following --
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -j ACCEPT
iptables -A INPUT -p udp -j ACCEPT
iptables -A INPUT -p tcp ! -i lo -m multiport --dports 0:79,81:65535 -m state --state NEW -j DROP
Unfortunately, in this configuration, none of the ports get blocked.
This implies that after an ACCEPT, further rules are not matched. Is
this a bug or intended by design?
If this is by design, how am I supposed to use modules like connlimit
with a DROP policy?
Thanks for any help!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
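Added example (not part of the original post): iptables walks a chain from top to bottom, and the first rule with a terminating target (ACCEPT, DROP, REJECT) decides the packet's fate, so a broad ACCEPT near the top makes every later DROP in that chain unreachable. The usual way to combine connlimit with a DROP policy is to put the restrictive rule before the matching ACCEPT. The script below builds such a ruleset in iptables-restore format and checks the ordering without loading anything; port 80, a limit of 20 connections per source address, and the conntrack match (the successor of `-m state`) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Emits a DROP-policy ruleset in
# which the connlimit DROP for a port is placed BEFORE the ACCEPT for that
# port, because iptables evaluates rules in order and the first terminating
# target ends evaluation for that packet.

# build_ruleset PORT LIMIT: print an iptables-restore ruleset.
# Assumed defaults: port 80, at most 20 concurrent NEW connections per /32.
build_ruleset() {
    port="${1:-80}"
    limit="${2:-20}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -m connlimit --connlimit-above ${limit} --connlimit-mask 32 -j DROP
-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# rule_line PORT PATTERN: 1-based line number of the first rule in the
# ruleset for PORT whose text contains PATTERN (empty if none).
rule_line() {
    build_ruleset "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# ordering_ok PORT: succeed only if the connlimit DROP precedes the ACCEPT
# for the same port, i.e. the limit is actually reachable.
ordering_ok() {
    drop_line=$(rule_line "$1" "connlimit")
    accept_line=$(rule_line "$1" "dport $1 -m conntrack --ctstate NEW -j ACCEPT")
    [ -n "$drop_line" ] && [ -n "$accept_line" ] && [ "$drop_line" -lt "$accept_line" ]
}

# Print the ruleset by default; load it only when APPLY=1 and we are root.
# iptables-restore --test parses the ruleset without committing it.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    build_ruleset 80 20 | iptables-restore --test && build_ruleset 80 20 | iptables-restore
else
    build_ruleset 80 20
fi
```

Run it as `sh rules.sh` to inspect the output, or `APPLY=1 sh rules.sh` as root to load it. Note that with OUTPUT set to DROP and only ESTABLISHED,RELATED accepted, the host can answer inbound connections but cannot open new outbound ones; add explicit OUTPUT rules (DNS, package mirrors, and so on) before relying on it remotely, and keep a console session open the first time the ruleset is loaded.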