[ale] Using iptables
Jim Popovitch
jimpop at yahoo.com
Sun Jun 25 01:04:11 EDT 2006
Michael H. Warfield wrote:
> On Sun, 2006-06-25 at 00:23 -0400, Jim Popovitch wrote:
>
>> I've never used "!" in iptables statements, but this should work for you:
>
>> iptables -A INPUT -p tcp -s 218.23.45.2 --dport 80 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 80 -j DROP
>
> Won't work if he's already got a rule in his tables that accepts port
> 80 first. The -A appends after everything. If he's got a -A ... --port
> 80 ... -j ACCEPT in his /etc/sysconfig/iptables file (assuming he's
> using RedHat or FC or CentOS or any similar compatible flavor) then
> another -A after that won't do jack. I've seen this too often where
> someone has a set of tables and expects an add-on rule to work when it
> never gets that far because a preceding rule takes precedence.
But it will work if he hasn't gotten any other rules. ;-) Terry's post
indicated that the command 'iptables ...' wasn't accepted, which I took
to mean not accepted by sh/bash/csh/etc., and is easy to see due to bang
being in the cmd line. I suspect he would have said differently if the
command was accepted but then didn't produce the desired result, so I
offered something that should work assuming other things are in proper
order. What I suggested won't work if the power to his box is off, the
network is down, the network gateway is down, there is no keyboard, or
the keyboard isn't connected, yada, yada, yada... But enough about
that. ;-)
-Jim P.
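The ordering point argued above, that a rule appended with -A never fires when an earlier rule in the chain already matched, as an added example that is not code from either poster: a small first-match model of an INPUT chain (constructed here; it is not netfilter and does not touch the kernel) showing the appended case, the same rules inserted at the head of the chain with -I, and the single-rule "!" form. The client address 10.0.0.5 and the pre-existing port-80 ACCEPT rule are assumed sample data.

```python
"""First-match evaluation of an iptables-style chain (constructed model, not netfilter)."""
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    target: str                      # -j ACCEPT / DROP
    proto: Optional[str] = None      # -p tcp
    src: Optional[str] = None        # -s a.b.c.d
    dport: Optional[int] = None      # --dport N
    negate_src: bool = False         # "! -s a.b.c.d"

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        # Source test: with "!" the rule matches only when the source differs.
        if self.src is not None and (pkt["src"] == self.src) == self.negate_src:
            return False
        return True

def evaluate(chain: List[Rule], pkt: dict, policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first matching rule's target wins."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy                    # chain policy applies when nothing matched

# Constructed sample traffic: an arbitrary client and the one allowed host.
OTHER = {"proto": "tcp", "src": "10.0.0.5", "dport": 80}
ALLOWED = {"proto": "tcp", "src": "218.23.45.2", "dport": 80}
EXISTING_ACCEPT_80 = Rule("ACCEPT", proto="tcp", dport=80)   # assumed to be in the ruleset already
JIMS_RULES = [Rule("ACCEPT", proto="tcp", src="218.23.45.2", dport=80),
              Rule("DROP", proto="tcp", dport=80)]

def appended_verdict() -> str:
    """-A places the new rules after the existing ACCEPT, so they are never reached."""
    chain = [EXISTING_ACCEPT_80] + JIMS_RULES
    return evaluate(chain, OTHER)    # "ACCEPT"

def inserted_verdict() -> str:
    """-I INPUT 1 places them at the head of the chain, ahead of the broad ACCEPT."""
    chain = JIMS_RULES + [EXISTING_ACCEPT_80]
    return evaluate(chain, OTHER)    # "DROP"

def negated_verdicts() -> tuple:
    """One rule using '!': -p tcp ! -s 218.23.45.2 --dport 80 -j DROP, policy ACCEPT."""
    chain = [Rule("DROP", proto="tcp", src="218.23.45.2", dport=80, negate_src=True)]
    return evaluate(chain, OTHER), evaluate(chain, ALLOWED)   # ("DROP", "ACCEPT")
```

On a real box, `iptables -L INPUT -n --line-numbers` shows the order the evaluator walks, which is what to check before deciding between -A and -I.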