
RE: --policy DROP kills everything?



> # Generated by iptables-save v1.2.11 on Tue Jun  7 23:03:58 2005
> *filter
> :INPUT DROP [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -s 127.0.0.0/255.0.0.0 -i lo -j ACCEPT
> -A INPUT -d 192.168.42.2 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -d 192.168.42.2 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
> COMMIT
> # Completed on Tue Jun  7 23:03:58 2005
> 
> These are the loaded modules: iptable_filter, ip_tables
> 
> I cannot make an SSH or HTTP connection to the box.

Add this on top of the other INPUT rules:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

> I was under the impression that a policy of DROP will drop
> the packets if they dont match a rule.

That is correct. But...
A new SSH packet comes in and is accepted by --dport 22. The other
packets in the same connection have state ESTABLISHED, and you're not
allowing those packets. That's why they are dropped.

> ACCEPT have passed them through?  What stupid little thing did I miss?

The one rule above ;o).


Gr,
Rob
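The complete stateful ruleset that the reply above describes, written out as an added example; it is not part of the original thread. The host address 192.168.42.2 and interface eth0 are taken from the quoted rules; the INVALID drop, the `--state NEW` qualifier on the port rules, the ordering check and the rollback helper are additions. The `-m state` match needs connection tracking on top of the `iptable_filter`/`ip_tables` modules listed in the post (ip_conntrack and ipt_state on kernels of that era, nf_conntrack today); iptables normally autoloads them when the rule is added.

```shell
#!/bin/sh
# Added example (not code from the original post): build and apply a
# stateful INPUT ruleset for iptables-restore. Assumed values below.
HOST_ADDR="${HOST_ADDR:-192.168.42.2}"   # assumption: address of eth0
IFACE="${IFACE:-eth0}"                   # assumption: public interface

# Emit the filter table in iptables-restore format. The RELATED,ESTABLISHED
# rule sits before the per-port rules so every packet of an already
# accepted connection is matched before the port rules are consulted.
# The port rules carry --state NEW so they only admit connection openings.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -d $HOST_ADDR -i $IFACE -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -d $HOST_ADDR -i $IFACE -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Sanity check before loading: the ESTABLISHED rule must come before the
# first port rule, otherwise the ordering problem from the thread returns.
# Returns 0 when the order is right, 1 otherwise.
check_order() {
    gen_rules | awk '
        /--state RELATED,ESTABLISHED/ && !est { est = NR }
        /--dport/ && !port { port = NR }
        END { exit !(est && port && est < port) }'
}

# Apply the ruleset on a remote box without locking yourself out: the
# previous rules are saved and restored automatically after 60 seconds
# unless you kill the timer once a fresh ssh login has been confirmed.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    gen_rules | iptables-restore || return 1
    ( sleep 60 && iptables-restore < "$backup" ) &
    echo "rollback timer pid $!, previous rules in $backup"
}

# usage (as root): . ./stateful-input.sh; check_order && apply_with_rollback
# then, after a successful new login: kill <rollback timer pid>
```

Once the new login works and the timer is killed, `iptables-save` shows the ESTABLISHED rule second in INPUT, directly after the loopback rule, which is the position the reply asks for.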


