Re: iptables and services

From: Alex Ilyushin (alex@i9.ru)
Date: 12/25/02

Next message: Mark L Smith: "Mark L Smith/Boulder/IBM is out of the office."

Previous message: paras: "iptables and services"
In reply to: paras: "iptables and services"
Next in thread: paras: "Re: iptables and services"
Reply: paras: "Re: iptables and services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 25 Dec 2002 21:49:07 +0500
From: Alex Ilyushin <alex@i9.ru>
To: security-discuss@linuxsecurity.com

paras wrote:
> hi all
>
> I have default policy to DROP on one machine. but i want the web server
> (80) to be accessed from the internet but it is not working with the
> following script. help plz.
> iptables -P INPUT DROP
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

Wrong order of rules. You must add -P INPUT DROP after all rules, or use
-I (insert).

---
Alex.
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.

Next message: Mark L Smith: "Mark L Smith/Boulder/IBM is out of the office."
Previous message: paras: "iptables and services"
In reply to: paras: "iptables and services"
Next in thread: paras: "Re: iptables and services"
Reply: paras: "Re: iptables and services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]