On 6/16/2014 9:44 PM, Earl Ramirez wrote:
> On Mon, 2014-06-16 at 21:42 -0500, Chuck Campbell wrote:
>> All of the suggestions are graciously accepted, however, I was actually asking
>> what I was doing wrong with iptables, and why, with the rules I put in place,
>> someone was still able to connect to my machine.
>>
>> I understand there might be better ways, but if I don't understand what I did
>> wrong last time, how am I going to figure out how to deny all, then allow
>> selected, when I can't seem to allow all and deny selected.
>>
>> There must be a misunderstanding on my part about how iptables are supposed to work.
>>
>> -chuck
>>
>>
> As John R Pierce mentioned, one of your first rules in the chain is
> "RH-Firewall-1-INPUT all -- anywhere anywhere", this
> simply means everything with "DROP" after it will be ignored. iptables
> will work its way down the chain, therefore you have two options
> 1. remove that line or
> 2. move it to the bottom of the chain.

I am clearly missing some emails, because I didn't see a reply from John R Pierce.
My apologies. I appreciate you restating this. I'll try to go make sense of
iptables, given the insight,

thanks,
-chuck

--
ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph.
                    | and Integrated Interpretation     | (713)993-0608 fax
448 W. 19th St. #325| Since 1992                        | (713)306-5794 cell
Houston, TX, 77008  | Chuck Campbell                    |
campbell at accelinc.com | President & Senior Geoscientist |

"Integration means more than having all the maps at the same scale!"
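
The rule-ordering behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of how a packet walks the INPUT chain, comparing a DROP rule placed after the RH-Firewall-1-INPUT jump with the same rule placed before it. The sub-chain contents (accept ssh, then a catch-all REJECT) and the address are assumptions constructed for illustration, not the poster's ruleset.

```python
# Constructed model of iptables rule traversal (first terminating match wins).
# Rules and addresses are sample values, not the poster's actual ruleset.
from ipaddress import ip_address, ip_network

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def rule(target, src="0.0.0.0/0", dport=None):
    return {"target": target, "src": ip_network(src), "dport": dport}

def traverse(chains, name, pkt):
    """Walk one chain top to bottom; None means 'fell off the end, return to caller'."""
    for r in chains[name]:
        if ip_address(pkt["src"]) not in r["src"]:
            continue
        if r["dport"] is not None and r["dport"] != pkt["dport"]:
            continue
        if r["target"] in TERMINATING:
            return r["target"]                       # verdict reached, later rules never run
        result = traverse(chains, r["target"], pkt)  # jump to a user-defined chain
        if result is not None:
            return result
    return None

def verdict(chains, pkt, policy="ACCEPT"):
    return traverse(chains, "INPUT", pkt) or policy

BLOCKED = "203.0.113.7"                  # constructed address (documentation range)
SUBCHAIN = [rule("ACCEPT", dport=22),    # allow ssh from anywhere
            rule("REJECT")]              # catch-all: every packet gets a verdict here

def build(order):
    jump = rule("RH-Firewall-1-INPUT")   # "all -- anywhere anywhere"
    drop = rule("DROP", src=BLOCKED + "/32")
    inp = [jump, drop] if order == "jump_first" else [drop, jump]
    return {"INPUT": inp, "RH-Firewall-1-INPUT": SUBCHAIN}

if __name__ == "__main__":
    for order in ("jump_first", "drop_first"):
        print(order, verdict(build(order), {"src": BLOCKED, "dport": 22}))
```

On a live system, `iptables -L INPUT -n --line-numbers` shows the actual rule order; `iptables -A INPUT ...` appends a rule after the jump, while `iptables -I INPUT 1 ...` inserts it ahead of the jump.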