[CentOS] IPTables not working?

Sean O'Connell oconnell at soe.ucsd.edu
Thu Aug 25 17:02:12 UTC 2005


Mike-

Try editing /etc/sysconfig/iptables and add your rule very early in the
stack (anywhere before the rule that accepts anything destined for port
80), restart iptables, and see if that works. My guess is it's never
hitting the rule.

Sean

On Thu, 2005-08-25 at 09:50 -0700, Mike wrote:
> Hello Sean,
> 
> /etc/init.d/iptables restart
> Flushing firewall rules: [  OK  ]
> Setting chains to policy ACCEPT: filter [  OK  ]
> Unloading iptables modules: [  OK  ]
> Applying iptables firewall rules: [  OK  ]
> Loading additional iptables modules: ip_conntrack_ftp [  OK  ]
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -m tcp -p tcp --dport 20 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
> Of course, when I restart, the rule I entered with:
> iptables -A RH-Firewall-1-INPUT -s 195.225.176.0/24 -j DROP
> 
-- 
Sean O'Connell
Office of Engineering Computing         oconnell at soe.ucsd.edu
Jacobs School of Engineering, UCSD      858.534.9716 (49716)
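Worked illustration of the ordering point Sean makes above. This is an added example, not code from either poster: it takes a copy of an iptables-save style ruleset (the format /etc/sysconfig/iptables uses), inserts the DROP rule as the first rule of RH-Firewall-1-INPUT instead of appending it after the final REJECT, and checks that the DROP is now listed ahead of the port-80 ACCEPT. The chain name and the 195.225.176.0/24 network come from the thread; the ruleset it operates on is a constructed, condensed version of the one Mike posted, so it runs without root or netfilter.

```shell
#!/bin/sh
# Added example (not from the original thread). Reorders a DROP rule in an
# iptables-save style file and verifies it precedes the ACCEPT rules.

# Print FILE with RULE inserted as the first rule of CHAIN. Any later copy
# of the same rule (e.g. one appended after the REJECT) is removed, so the
# rule ends up exactly once and ahead of every ACCEPT in that chain.
insert_first() {
    file=$1 chain=$2 rule=$3
    awk -v chain="$chain" -v rule="$rule" '
        !done && $1 == "-A" && $2 == chain { print "-A " chain " " rule; done = 1 }
        done && $0 == "-A " chain " " rule  { next }
        { print }
    ' "$file"
}

# Exit 0 when, inside CHAIN, a "-s SRC ... -j DROP" rule appears before the
# first "--dport PORT ... -j ACCEPT" rule; exit 1 otherwise.
drop_precedes_accept() {
    file=$1 chain=$2 src=$3 port=$4
    awk -v chain="$chain" -v src="$src" -v port="$port" '
        $1 == "-A" && $2 == chain {
            n++
            if (!d && index($0, "-s " src " ") && index($0, "-j DROP"))        d = n
            if (!a && index($0, "--dport " port " ") && index($0, "-j ACCEPT")) a = n
        }
        END { if (d && a && d < a) exit 0; exit 1 }
    ' "$file"
}

# Constructed sample: a condensed copy of the posted ruleset, with the DROP
# appended the way "iptables -A" leaves it, i.e. after the final REJECT.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -s 195.225.176.0/24 -j DROP
COMMIT
EOF

# Rewritten copy with the DROP moved to the top of the chain.
FIXED=$(mktemp)
insert_first "$RULES" RH-Firewall-1-INPUT "-s 195.225.176.0/24 -j DROP" > "$FIXED"

if drop_precedes_accept "$RULES" RH-Firewall-1-INPUT 195.225.176.0/24 80; then
    echo "original: DROP is reachable"
else
    echo "original: DROP sits after the port 80 ACCEPT and the REJECT, never matched"
fi
if drop_precedes_accept "$FIXED" RH-Firewall-1-INPUT 195.225.176.0/24 80; then
    echo "fixed: DROP is evaluated before any ACCEPT"
fi

# Live equivalent on the box itself (needs root): insert at position 1 of
# the chain rather than appending, then persist it so a restart keeps it.
#   iptables -I RH-Firewall-1-INPUT 1 -s 195.225.176.0/24 -j DROP
#   /etc/init.d/iptables save
```

Putting the DROP at position 1 also places it ahead of the ESTABLISHED,RELATED accept, so packets belonging to connections that network already has open are dropped too; placing it anywhere after that line but before the port-80 ACCEPT, as Sean suggests, only blocks new connections.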