now suppose I independently add a rule like this:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -s 192.168.1.0/24 -j ACCEPT
the rule will be added to the bottom of the RH-Firewall-1-INPUT chain, right after that REJECT. So a datagram for port 3306 will traverse the chain, hit the REJECT, and get blown away without ever being inspected by the new rule appearing after the REJECT.
Am I on the right track here?
Thanks
Bob Cochran
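To make the traversal Bob describes concrete, here is an added example (not code from the thread or from any of its participants): a small Python model of first-match chain walking that parses iptables-save style lines, flags rules that sit behind an unconditional REJECT/DROP in the same chain (they can never match), and shows the verdict for a new port-3306 connection from 192.168.1.0/24 both as appended and after the rule is moved ahead of the REJECT. The sample rule dump is constructed to mirror the RH-Firewall-1-INPUT layout in the post; the match options understood by the evaluator are only the handful the sample needs.

```python
# Added example (not code from the thread): parse an iptables-save style dump, flag rules
# that can never match because an unconditional REJECT/DROP earlier in the same chain ends
# traversal first, and walk a packet through the chains first-match style.
import ipaddress
import shlex

# Constructed sample mirroring the RH-Firewall-1-INPUT layout the post describes; the
# port-3306 rule is appended (-A) after the catch-all REJECT, so it is dead.
SAMPLE_RULES = """\
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -s 192.168.1.0/24 -j ACCEPT
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
NON_MATCH = {"-A", "-j", "-m", "--reject-with"}  # chain/target/module names, not conditions
# Match options this toy evaluator understands (enough for the sample above).
MATCHERS = {
    "p": lambda val, pkt: pkt["proto"] == val,
    "s": lambda val, pkt: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(val),
    "dport": lambda val, pkt: pkt["dport"] == int(val),
    "state": lambda val, pkt: pkt["state"] in val.split(","),
}

def parse_rules(text):
    """Turn each '-A' line into {'chain', 'target', 'match': {opt: value}, 'raw'}."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue
        toks = shlex.split(line)
        rule = {"chain": None, "target": None, "match": {}, "raw": line}
        i = 0
        while i < len(toks):
            tok = toks[i]
            has_arg = i + 1 < len(toks) and not toks[i + 1].startswith("-")
            if tok == "-A":
                rule["chain"] = toks[i + 1]
            elif tok == "-j":
                rule["target"] = toks[i + 1]
            elif tok.startswith("-") and tok not in NON_MATCH:
                rule["match"][tok.lstrip("-")] = toks[i + 1] if has_arg else True
            i += 2 if has_arg else 1
        rules.append(rule)
    return rules

def shadowed_rules(rules):
    """Rules after an unconditional terminating rule in the same chain are unreachable."""
    dead, closed = [], set()
    for r in rules:
        if r["chain"] in closed:
            dead.append(r)
        elif not r["match"] and r["target"] in TERMINATING:
            closed.add(r["chain"])
    return dead

def rule_matches(rule, pkt):
    # Every match option must hold; an option missing from MATCHERS raises KeyError on purpose.
    return all(MATCHERS[opt](val, pkt) for opt, val in rule["match"].items())

def verdict(rules, chain, pkt, policy="ACCEPT"):
    """First-match traversal: follows jumps into user chains; RETURN resumes in the caller."""
    for r in rules:
        if r["chain"] != chain or not rule_matches(r, pkt):
            continue
        if r["target"] in TERMINATING:
            return r["target"]
        if r["target"] == "RETURN":
            return policy
        sub = verdict(rules, r["target"], pkt, policy=None)
        if sub is not None:
            return sub
    return policy  # None at the end of a user chain, so the caller keeps walking

def unshadow(text):
    """Move each dead rule ahead of the catch-all that shadows it (`iptables -I`, not `-A`)."""
    rules = parse_rules(text)
    dead_raw = {r["raw"] for r in shadowed_rules(rules)}
    before, closers = {}, {}
    for r in rules:
        if r["raw"] in dead_raw:
            before.setdefault(r["chain"], []).append(r["raw"])
        elif not r["match"] and r["target"] in TERMINATING:
            closers.setdefault(r["raw"], r["chain"])
    out = []
    for line in text.splitlines():
        if line in dead_raw:
            continue
        if line in closers:
            out.extend(before.pop(closers[line], []))
        out.append(line)
    return "\n".join(out) + "\n"

def demo(pkt=None):
    """Verdict for a new MySQL connection from the LAN, as appended and after reordering."""
    pkt = pkt or {"proto": "tcp", "dport": 3306, "src": "192.168.1.10", "state": "NEW"}
    rules = parse_rules(SAMPLE_RULES)
    return verdict(rules, "INPUT", pkt), verdict(parse_rules(unshadow(SAMPLE_RULES)), "INPUT", pkt)
```

Running `demo()` gives `("REJECT", "ACCEPT")`: with the rule appended the packet never reaches it, and once the rule precedes the REJECT it is accepted, while a connection from outside 192.168.1.0/24 still falls through to the REJECT. The same `shadowed_rules` pass can be run over the output of `iptables-save` on a real host to find rules that were appended behind a catch-all and silently do nothing.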
Hi there, don't know if anyone gave this tip yet, but make a crontab when messing with iptables which shuts down iptables after, let's say, 10 minutes (or enough time for you to test the new tables), so in case you get yourself locked out of the machine, you will have access again after the job runs. Yeah, experience :)
Regards, Angelo
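An added example (not code from the thread) of the safety net Angelo suggests: it builds a crontab entry that stops the firewall a chosen number of minutes from now, pinning day and month so the job fires once rather than every day at that time, and it removes the entry again once you have confirmed you can still log in. The stop command is an assumption for a Red Hat style system and is not something the thread specifies; substitute your distribution's own.

```python
# Added example (not from the thread): build the "shut the firewall off in N minutes"
# cron entry Angelo describes, and remove it again once you have confirmed access.
from datetime import datetime, timedelta

# Assumption, not something the thread states: how the firewall is stopped on the box.
# Adjust to your distribution's service tooling.
STOP_CMD = "/sbin/service iptables stop"
# Trailing shell comment so the entry can be found and deleted later; cron hands the
# whole command to /bin/sh, which ignores the comment.
MARKER = "# iptables-safety-net"

def cron_fields(run_at):
    """minute hour day month dow. Day and month are pinned so the job fires once instead
    of every day at that time; a forgotten entry would keep knocking the firewall down."""
    return f"{run_at.minute} {run_at.hour} {run_at.day} {run_at.month} *"

def safety_net_line(now, minutes, command=STOP_CMD):
    """Crontab line that runs `command` `minutes` after `now`; timedelta handles the
    roll-over past midnight (23:55 + 10 min becomes 00:05 on the next day)."""
    return f"{cron_fields(now + timedelta(minutes=minutes))} {command} {MARKER}"

def add_entry(crontab_text, line):
    """Append to the text of `crontab -l`; feed the result back with `crontab -`."""
    body = crontab_text.rstrip("\n")
    return (body + "\n" if body else "") + line + "\n"

def remove_entry(crontab_text):
    """Drop the safety net once the new rules are confirmed not to lock you out."""
    kept = [l for l in crontab_text.splitlines() if MARKER not in l]
    return "\n".join(kept) + "\n" if kept else ""

if __name__ == "__main__":
    print(safety_net_line(datetime.now(), 10))
```

Typical use is `crontab -l` to capture the current table, `add_entry` on that text, and `crontab -` to install it before loading the new rules; after testing, run the text through `remove_entry` and install it again, otherwise the entry stays behind and disables the firewall on that date next year.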
On Tue, 2005-02-01 at 17:34, Angelo Machils wrote:
Hi there, don't know if anyone gave this tip yet, but make a crontab when messing with iptables which shuts down iptables after, let's say, 10 minutes (or enough time for you to test the new tables), so in case you get yourself locked out of the machine, you will have access again after the job runs. Yeah, experience :)
If you run Shorewall, there's a rule called "ABSENTMINDED" which does _just_ that. The only caveat is, if you happen to lose your IP (e.g. dial-up) at the very instant, then you're "screwed".
--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz
98% Microsoft(tm) Free!!
Neuromancer 18:40:04 up 10:04, 8 users, load average: 0.19, 0.38, 0.86