Hi,
I'm new to the list so please forgive me.
I have the following rule in my iptables:
iptables -w -I INPUT -i enp2S0 -m set --match-set country-list src -p tcp -m multiport ! --dports 25,80,443 -m state --state NEW -j DROP
but I've noticed it is not blocking. I tried checking using GRC's
Shields Up test scanning port 993. If instead, I do:
iptables -w -I INPUT -m set --match-set country-list src -p tcp -m multiport ! --dports 25,80,443 -m state --state NEW -j DROP
it works. The problem seems to come when I use the -i selector.
Do you know what I'm doing wrong?
I am using ClearOS 7.3 (a CentOS 7.3 derivative) with
ipset-6.19-6.el7.x86_64 and iptables-1.4.21-17.v7.x86_64.
TIA,
Nick
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
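When an iptables rule with `-i` never matches, the first thing to verify is that the name given to `-i` is exactly the interface name the kernel uses, since `-i` compares the string literally and Linux interface names are case-sensitive. The script below is an added diagnostic, not code from the original post or from the netfilter project; the interface list it parses is constructed sample data standing in for the output of `ip -o link show`, and the function names are my own.

```shell
#!/bin/sh
# Added example: check an "iptables -i NAME" argument against the interface
# names the kernel actually has. -i is an exact, case-sensitive string match
# (only a trailing "+" acts as a wildcard), so "enp2S0" and "enp2s0" are
# different names as far as netfilter is concerned.

# Constructed sample output in the shape of "ip -o link show", so the
# script runs offline. On a real host replace the heredoc with that command.
list_ifaces() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
EOF
}

# Extract just the interface names (second ": "-separated field).
iface_names() {
    list_ifaces | awk -F': ' '{ print $2 }'
}

# check_iface NAME
#   prints "exact"               if NAME exists as written
#   prints "case-mismatch:REAL"  if it only differs in letter case from REAL
#   prints "missing"             if nothing resembling NAME exists
check_iface() {
    want="$1"
    for name in $(iface_names); do
        [ "$name" = "$want" ] && { echo exact; return 0; }
    done
    lower_want=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
    for name in $(iface_names); do
        lower_name=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        if [ "$lower_name" = "$lower_want" ]; then
            echo "case-mismatch:$name"
            return 1
        fi
    done
    echo missing
    return 1
}

# Example run against the sample data (the name from the original rule):
check_iface enp2S0    # prints "case-mismatch:enp2s0"
```

After correcting the name, `iptables -w -L INPUT -v -n --line-numbers` shows per-rule packet and byte counters, so a repeat of the port scan should make the DROP rule's counters increase if it is now matching.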