iptables rule questions:

Post by Neil Watso » Tue, 05 Jun 2001 22:51:21

I have entered some iptables rules to supplement Bastille's firewall.
These are the rules:

# Deny all connections to the POP server
# except from my remote IP ($RIP); $SIP is the server's own address.
# Negation is written "! -s ADDR"; the old "-s !ADDR" form is not valid.
# -A appends the rule after anything already in the INPUT chain.

iptables -A INPUT -p tcp -m tcp ! -s "$RIP" -d "$SIP" --dport 110 -j DROP

# Deny all connections to the sshd server
# except from my remote IP

iptables -A INPUT -p tcp -m tcp ! -s "$RIP" -d "$SIP" --dport 22 -j DROP

However, when I have my ports scanned on some web sites, ports 22 and 110 are
still listed as open.  What have I done wrong?

Neil Watson


1. iptables: rule with RETURN target just after a rule with ACCEPT target

Hi, I've seen in several scripts the following layout:

iptables criteria -j ACCEPT
iptables the_same_criteria_as_above -j RETURN

for example:

iptables  -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp --dport 100 -j RETURN

The last rule will never be matched, because all such incoming TCP
connections will be accepted, and then will go through the next chain.
So, what is the usefulness of this configuration?

IMHO, I think it is for changing the scripts in a fast way (just
commenting out the first line will yield the default policy for the
INPUT chain).
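Both questions in this thread come down to one property of netfilter: the rules of a chain are tried in order, and the first match with a terminating target (ACCEPT or DROP) decides the verdict, while RETURN hands control back to the calling chain and a packet that reaches the end of a built-in chain gets the chain policy. The following Python model is an added illustration written for this page; it is not iptables itself and not code from either poster. The addresses and the pre-existing ACCEPT rule for port 22 are constructed assumptions. It shows why a DROP appended with -A behind an earlier ACCEPT for the same port is never consulted (its packet counter stays at zero, which is what `iptables -L INPUT -v -n --line-numbers` would reveal on a real system), why inserting the same rule at the top with -I changes the verdict, and why the RETURN rule in the second post only takes effect once the ACCEPT line before it is removed.

```python
# Toy model of how netfilter walks a chain. Added example for this page only:
# it is not iptables and the scenario data below is constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                   # "ACCEPT", "DROP", "RETURN" or a user chain
    proto: Optional[str] = None   # -p tcp
    dport: Optional[int] = None   # --dport N
    src: Optional[str] = None     # -s ADDR
    src_negate: bool = False      # ! -s ADDR
    packets: int = 0              # the "pkts" column of `iptables -L -v`

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        # With negation the rule matches only when the source does NOT equal src.
        if self.src is not None and (pkt["src"] == self.src) == self.src_negate:
            return False
        return True


class Ruleset:
    def __init__(self, input_policy: str = "ACCEPT"):
        self.chains = {"INPUT": []}
        self.policy = {"INPUT": input_policy}

    def append(self, chain: str, rule: Rule) -> None:      # like -A
        self.chains.setdefault(chain, []).append(rule)

    def insert(self, chain: str, rule: Rule, pos: int = 1) -> None:  # like -I
        self.chains.setdefault(chain, []).insert(pos - 1, rule)

    def _walk(self, chain: str, pkt: dict) -> Optional[str]:
        for rule in self.chains.get(chain, []):
            if not rule.matches(pkt):
                continue
            rule.packets += 1
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target          # terminating target: done
            if rule.target == "RETURN":
                return None                 # back to the caller (or to policy)
            verdict = self._walk(rule.target, pkt)  # jump into a user chain
            if verdict is not None:
                return verdict
        return None

    def verdict(self, pkt: dict) -> str:
        return self._walk("INPUT", pkt) or self.policy["INPUT"]


RIP = "203.0.113.7"      # constructed stand-in for $RIP (TEST-NET-3 address)
OTHER = "198.51.100.9"   # constructed address of some other host


def appended_vs_inserted() -> dict:
    """Same '! -s RIP --dport 22 DROP' rule placed with -A and with -I behind
    an assumed earlier rule that already accepts port 22."""
    probe = {"proto": "tcp", "dport": 22, "src": OTHER}
    out = {}
    for how in ("append", "insert"):
        rs = Ruleset()
        rs.append("INPUT", Rule("ACCEPT", proto="tcp", dport=22))  # assumed earlier rule
        drop = Rule("DROP", proto="tcp", dport=22, src=RIP, src_negate=True)
        getattr(rs, how)("INPUT", drop)
        out[how] = (rs.verdict(probe), drop.packets)   # verdict, pkts on the DROP rule
    return out


def remote_ip_still_admitted() -> str:
    """With the DROP inserted first, the permitted remote IP falls through to ACCEPT."""
    rs = Ruleset()
    rs.append("INPUT", Rule("ACCEPT", proto="tcp", dport=22))
    rs.insert("INPUT", Rule("DROP", proto="tcp", dport=22, src=RIP, src_negate=True))
    return rs.verdict({"proto": "tcp", "dport": 22, "src": RIP})


def accept_then_return() -> dict:
    """ACCEPT followed by RETURN with identical criteria (second post): the
    RETURN only fires once the ACCEPT line is removed, and then the policy applies."""
    probe = {"proto": "tcp", "dport": 100, "src": OTHER}
    rs = Ruleset(input_policy="DROP")
    accept = Rule("ACCEPT", proto="tcp", dport=100)
    ret = Rule("RETURN", proto="tcp", dport=100)
    rs.append("INPUT", accept)
    rs.append("INPUT", ret)
    with_accept = (rs.verdict(probe), ret.packets)
    rs.chains["INPUT"].remove(accept)          # "comment out" the first line
    without_accept = (rs.verdict(probe), ret.packets)
    return {"with_accept": with_accept, "without_accept": without_accept}


if __name__ == "__main__":
    print(appended_vs_inserted())    # {'append': ('ACCEPT', 0), 'insert': ('DROP', 1)}
    print(remote_ip_still_admitted())  # ACCEPT
    print(accept_then_return())      # {'with_accept': ('ACCEPT', 0), 'without_accept': ('DROP', 1)}
```

The packet counter is the practical check: on a live box, a DROP rule whose pkts column never moves while the port still scans as open is sitting below an earlier match, so either insert it ahead of that rule or put it in whatever chain the existing firewall jumps to first.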
