Re: [LUNI] Anyone used iptables?

From: Steven Lembark (lembark@wrkhors.com)
Date: Sun Mar 04 2001 - 00:51:54 CST

Next message: scott thomason: "Re: [LUNI] Bastille on Redhat 7.2"

Previous message: Jeremy: "[LUNI] FREE monitors and low priced monitors, both new and display models"
In reply to: Douglas Carmichael: "[LUNI] Anyone used iptables?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I'm trying to have the system accept connections on port 113 to a fake
> identd, but when I add an accept rule from port 113 to the top of the
> chain, it still doesn't work.
>
> Here are my rules so far:
> /usr/sbin/iptables -N block
> /usr/sbin/iptables -A block -p tcp --source-port 113 -j ACCEPT
> /usr/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> /usr/sbin/iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
> /usr/sbin/iptables -A block -j DROP
> /usr/sbin/iptables -A INPUT -j block
> /usr/sbin/iptables -A FORWARD -j block
>
> What could be the problem?

flush the tables first.

do a --list after each rule is added and convince yourself that
what's there matches your expectations.

something freudian tells me you need the port in the block table
to be a destination port -- no docs nearby so i can't check.

-- 
 Steven Lembark                                   2930 W. Palmer St.
                                                 Chicago, IL  60647
 lembark@wrkhors.com                                   800-762-1582
-=-
Linux Users Of Northern Illinois: General Discussion Mailing list.
For unsubscription, archives, and announcements only see http://luni.org

Next message: scott thomason: "Re: [LUNI] Bastille on Redhat 7.2"
Previous message: Jeremy: "[LUNI] FREE monitors and low priced monitors, both new and display models"
In reply to: Douglas Carmichael: "[LUNI] Anyone used iptables?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Mar 04 2001 - 00:56:10 CST