iptables isn't blocking IP

Alexander Dalloz ad+lists at uni-x.org
Fri Jan 21 16:05:19 UTC 2005


On Fri, 21.01.2005 at 16:57, David Hoffman wrote:

> > /sbin/iptables -A INPUT -j OC
> > 
> > and OC would be appended to the INPUT chain.  Correct?

> YES

My answer would be: NO. Please see my other reply. I suspect that the
default iptables design from FC is still active for Kevin. So incoming
traffic to port 22 is already caught by rule

-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

And he can add as many jump targets to the end of the INPUT rule as he
wants, they will not take place. Why? Because the INPUT chain is left
right at start and the last rule of the left out jump chain is

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.10-1.9_FC2smp 
Serendipity 17:01:44 up 7 days, 23 users, load average: 1.50, 1.14, 0.96
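
The traversal order described in this message, as an added example that is not part of the original post: a small Python model of first-match chain evaluation showing why a jump appended after the RH-Firewall-1-INPUT jump is never consulted, and that placing it first changes the verdict. The jump from INPUT into RH-Firewall-1-INPUT, the rule inside OC, the address 203.0.113.5 and all function names are assumptions made for illustration.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Option -> packet field; only these matches are modelled, as exact string compares.
MATCHES = {"-i": "iface", "-p": "proto", "-s": "src", "--dport": "dport", "--state": "state"}

# Constructed ruleset in iptables-save syntax. The two RH-Firewall-1-INPUT
# rules are quoted from the post; the jump from INPUT, the contents of OC
# and the address 203.0.113.5 are assumptions for illustration.
RULES = """
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -j OC
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A OC -s 203.0.113.5 -j DROP
"""

def parse(text):
    """Return {chain: [(conditions, target), ...]} in rule order."""
    chains = {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        conds = {MATCHES[o]: tok[i + 1] for i, o in enumerate(tok) if o in MATCHES}
        chains.setdefault(tok[1], []).append((conds, tok[tok.index("-j") + 1]))
    return chains

def traverse(chains, chain, pkt, trail):
    """First matching terminal rule wins; returns None if the chain falls through."""
    for n, (conds, target) in enumerate(chains.get(chain, []), 1):
        if any(pkt.get(k) != v for k, v in conds.items()):
            continue
        trail.append(f"{chain}#{n}")
        if target in TERMINAL:
            return target
        result = traverse(chains, target, pkt, trail)
        if result:
            return result

def evaluate(text, pkt, policy="ACCEPT"):
    trail = []
    return traverse(parse(text), "INPUT", pkt, trail) or policy, trail

# Constructed packet: new SSH connection from the address OC is meant to block.
SSH = {"iface": "eth0", "proto": "tcp", "dport": "22", "state": "NEW", "src": "203.0.113.5"}
# Same rules with the OC jump moved ahead of the RH-Firewall-1-INPUT jump.
REORDERED = RULES.replace("-A INPUT -j RH-Firewall-1-INPUT\n-A INPUT -j OC",
                          "-A INPUT -j OC\n-A INPUT -j RH-Firewall-1-INPUT")

if __name__ == "__main__":
    print(evaluate(RULES, SSH), evaluate(REORDERED, SSH))
```

On a live system the equivalent of the reordered ruleset is inserting the jump at the head of the chain with `iptables -I INPUT 1 -j OC` instead of appending it with `-A`.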