PLEX86 x86 Virtual Machine (VM) Program

Whitelisting a host with iptables


On Thu, 28 Sep 2006 17:04:22 -0400, Geico Caveman staggered into the Black Sun and said:

We're going to want to see the relevant parts from iptables -L -n.

Yep, unless you allow ICMP from host X, it'll probably get dropped by the default DROP rule in your iptables. Are these hosts doing a ping before trying TCP? Have you checked what's really going on when these hosts try to connect, using tcpdump+wireshark?

Figure out what's really going on with the tools I mentioned previously.

iptables -A CHAIN -p all -s X.Y.Z.W -d A.B.C.D --dport N -j ACCEPT (appends a rule to chain CHAIN, matching packets using TCP or UDP or ICMP, from source address X.Y.Z.W, to destination address A.B.C.D, destination port N, saying that these packets are ACCEPTed.)

...if you leave off the --dport option, the packets will be accepted no matter what their dest. port is. Remember that order of rules matters; the last rule in your input chain is probably a "DROP everything" rule, and you need to have your ACCEPT rules before that or it won't work. Use -I CHAIN RULENUM to -Insert a rule in a place that's not at the end.

Frontends can obfuscate what's really going on and make complex things more difficult than they should be. Consult The Fine Manual for your preferred frontend, and caveat user.


-- 
Jesus is the best radio producer in the beans. We need some saliva and pickles to get mad. --MegaHAL, "The Best of MegaHAL"
Matt G
There is no Darkness in Eternity-But only Light too dim for us to see
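An added example, not from the post above: a POSIX shell dry run that finds the trailing DROP rule in a chain listing and prints whitelist commands that use -I to land above it (and -A when there is no such rule). The chain listing and the addresses 192.0.2.10 / 198.51.100.5 are constructed sample values, not from the page.

```shell
#!/bin/sh
# Dry run: print the iptables commands instead of executing them, so the
# rule ordering can be checked before anything touches the live firewall.

# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
# On a real host the same text would come from running that command.
SAMPLE_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     all  --  127.0.0.0/8          0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# Print the rule number of the last DROP rule in a listing (empty if none).
# Field 1 is the rule number, field 2 the target; header lines never match.
last_drop_rulenum() {
    printf '%s\n' "$1" | awk '$2 == "DROP" { n = $1 } END { if (n != "") print n }'
}

# Emit commands that whitelist host $1 for TCP port $2 on local address $3,
# plus an ICMP allowance so the host's pings are not swallowed by the DROP rule.
# Inserting twice at the same position keeps both new rules above the DROP
# (each -I pushes the earlier rules, including the DROP, down by one).
whitelist_cmds() {
    host=$1; port=$2; dst=$3
    n=$(last_drop_rulenum "$SAMPLE_CHAIN")
    if [ -n "$n" ]; then
        pos="-I INPUT $n"      # place above the catch-all DROP
    else
        pos="-A INPUT"         # nothing after it would discard the packet
    fi
    # --dport is only valid together with -p tcp or -p udp, so this rule is TCP-only.
    printf 'iptables %s -p tcp -s %s -d %s --dport %s -j ACCEPT\n' "$pos" "$host" "$dst" "$port"
    printf 'iptables %s -p icmp -s %s -d %s -j ACCEPT\n' "$pos" "$host" "$dst"
}

whitelist_cmds 192.0.2.10 3306 198.51.100.5
```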
