On 6/16/2014 9:44 PM, Earl Ramirez wrote:
On Mon, 2014-06-16 at 21:42 -0500, Chuck Campbell wrote:
All of the suggestions are graciously accepted, however, I was actually asking what I was doing wrong with iptables, and why, with the rules I put in place, someone was still able to connect to my machine.
I understand there might be better ways, but if I don't understand what I did wrong last time, how am I going to figure out how to deny all, then allow selected, when I can't seem to allow all and deny selected.
There must be a misunderstanding on my part about how iptables are supposed to work.
-chuck
As John R Pierce mentioned, one of your first rules in the chain is "RH-Firewall-1-INPUT all -- anywhere anywhere"; this simply means everything with "DROP" after it will be ignored. iptables will work its way down the chain, therefore you have two options:
- remove that line or
- move it at the bottom of the chain.
I am clearly missing some emails, because I didn't see a reply from John R Pierce. My apologies. I appreciate you restating this. I'll try to go make sense of iptables, given the insight,
thanks, -chuck
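An added illustration of the chain-walking behaviour Earl describes (example code written for this page, not posted by anyone in the thread): a small Python model of iptables first-match evaluation with a jump into a user-defined chain. The contents of RH-Firewall-1-INPUT and the unwanted source address are constructed assumptions, not the poster's actual rules.

```python
# Added example (not from the thread): a minimal model of iptables chain
# traversal, showing why a DROP placed after an unconditional jump to
# RH-Firewall-1-INPUT is never consulted. Rule contents are constructed;
# the real RH-Firewall-1-INPUT on the poster's box may differ.

def match(rule, pkt):
    """A rule matches when every criterion it carries equals the packet's field."""
    return all(pkt.get(k) == v for k, v in rule.get("match", {}).items())

def walk(chains, name, pkt, policy="ACCEPT"):
    """Evaluate a chain top to bottom; the first matching terminating rule wins."""
    for rule in chains[name]:
        if not match(rule, pkt):
            continue
        target = rule["target"]
        if target == "RETURN":
            return policy                  # user chain: back to caller (None)
        if target in chains:               # jump to a user-defined chain
            verdict = walk(chains, target, pkt, policy=None)
            if verdict is not None:
                return verdict             # sub-chain reached a final verdict
            continue                       # sub-chain fell off the end: keep going
        return target                      # ACCEPT / DROP / REJECT terminate
    return policy                          # end of built-in chain: policy applies

# Constructed RHEL-style sub-chain: allow established, allow ssh, reject the rest.
RH_CHAIN = [
    {"match": {"state": "ESTABLISHED"}, "target": "ACCEPT"},
    {"match": {"proto": "tcp", "dport": 22}, "target": "ACCEPT"},
    {"match": {}, "target": "REJECT"},
]
BAD_HOST = "192.0.2.10"   # documentation-range address standing in for the unwanted source
NEW_SSH = {"src": BAD_HOST, "proto": "tcp", "dport": 22, "state": "NEW"}

def verdict_with_jump_first():
    """Jump rule above the DROP: exactly the ordering the poster had."""
    chains = {"INPUT": [{"match": {}, "target": "RH-Firewall-1-INPUT"},
                        {"match": {"src": BAD_HOST}, "target": "DROP"}],
              "RH-Firewall-1-INPUT": RH_CHAIN}
    return walk(chains, "INPUT", NEW_SSH)

def verdict_with_drop_first():
    """DROP moved above the jump (equivalently, jump moved to the bottom)."""
    chains = {"INPUT": [{"match": {"src": BAD_HOST}, "target": "DROP"},
                        {"match": {}, "target": "RH-Firewall-1-INPUT"}],
              "RH-Firewall-1-INPUT": RH_CHAIN}
    return walk(chains, "INPUT", NEW_SSH)

if __name__ == "__main__":
    print("jump first:", verdict_with_jump_first())   # ACCEPT: the DROP was never reached
    print("drop first:", verdict_with_drop_first())   # DROP
```

On a real box the same check is `iptables -L INPUT -n --line-numbers`, which shows the position of the jump rule relative to the DROP lines.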