[CentOS] iptables question

Tue Jun 17 02:44:46 UTC 2014
Earl Ramirez <earlaramirez at gmail.com>

On Mon, 2014-06-16 at 21:42 -0500, Chuck Campbell wrote:
> All of the suggestions are graciously accepted, however, I was actually asking 
> what I was doing wrong with iptables, and why, with the rules I put in place, 
> someone was still able to connect to my machine.
> 
> I understand there might be better ways, but if I don't understand what I did 
> wrong last time, how am I going to figure out how to deny all, then allow 
> selected, ehrn I can't seem to allow all and deny selected.
> 
> There must be a misunderstanding on my part about how iptables are supposed to work.
> 
> -chuck
> 
> 

As John R Pierce mentioned one of your first rule in the chain is 
"RH-Firewall-1-INPUT  all  --  anywhere             anywhere", this
simply mean everything with "DROP" after it will be ignored. iptables
will work its way down the chain, therefore you have to options
1. remove that line or 
2. move it at the bottom of the chain.


-- 


Kind Regards
Earl Ramirez
GPG Key: http://trinipino.com/PublicKey.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20140616/1d25b47e/attachment-0005.sig>