I ran:
iptables -L
and see this:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
Does the "REJECT all" override the "ACCEPT all"?
Would "DROP all" be better so people banging on the ports don't see a reply?
I ran the gui tool to open ssh and it is in between ACCEPT all and REJECT all. Why does it work if there is a REJECT all after it?
Thanks,
-wes
On 11/5/2013 3:55 PM, Wes James wrote:
I ran:
iptables -L
incomplete output. try...
iptables -L -vn
and you'll probably see that reject is for a specific packet type. the v is for verbose, the n is for numeric output (no DNS lookup)
On Tue, Nov 5, 2013 at 5:22 PM, John R Pierce pierce@hogranch.com wrote:
On 11/5/2013 3:55 PM, Wes James wrote:
I ran:
iptables -L
incomplete output. try...
iptables -L -vn
and you'll probably see that reject is for a specific packet type. the v is for verbose, the n is for numeric output (no DNS lookup)
Ah, yes. There are some DROPs in there.
-------------------------------------- motd.......
How many puzzle pieces make up a centos system?
Answer: The number programs + each programs parameters + the knowledge as to when to use them.
-------------------------------------
Thanks,
-wes
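
Added example, not part of any message in this thread: it replays a constructed `iptables -L INPUT -vn` listing with first-match semantics, showing why an SSH rule placed above the final REJECT still takes effect and which rules look broader in a plain `iptables -L`. The listing is constructed; that rule 3 is bound to `lo` and that rule 4 is the GUI tool's SSH rule are assumptions, and the function names are hypothetical.

```python
# Constructed sample of `iptables -L INPUT -vn` output (not taken from the thread).
# Assumption: rule 3 is bound to the loopback interface and rule 4 is the SSH
# rule added by the GUI tool; plain `iptables -L` hides the in/out columns.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9876 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    5   300 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

def parse_rules(listing):
    """Turn rule rows into dicts; the two header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():  # rule rows start with counters
            continue
        rule = {"target": f[2], "prot": f[3], "in": f[5], "states": set(), "dport": None}
        extra = f[9:]  # match extensions after the destination column
        for i, tok in enumerate(extra):
            if tok == "state" and i + 1 < len(extra):
                rule["states"] = set(extra[i + 1].split(","))
            elif tok.startswith("dpt:"):
                rule["dport"] = int(tok[4:])
        rules.append(rule)
    return rules

def first_match(rules, iface, proto, state, dport=None):
    """Return (rule number, target) of the first rule the packet matches."""
    for n, r in enumerate(rules, 1):
        if (r["in"] in ("*", iface) and r["prot"] in ("all", proto)
                and (not r["states"] or state in r["states"])
                and r["dport"] in (None, dport)):
            return n, r["target"]
    return None, "policy"  # nothing matched: the chain policy applies

def hidden_by_plain_listing(rules):
    """Rule numbers whose interface match is invisible without -v."""
    return [n for n, r in enumerate(rules, 1) if r["in"] != "*"]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print(first_match(rules, "eth0", "tcp", "NEW", 22))    # SSH from the network
    print(first_match(rules, "eth0", "tcp", "NEW", 8080))  # unopened port
    print(hidden_by_plain_listing(rules))
```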