Re: How to set up an iptable rule?


 



On Mon, 10.01.2005 at 18:16, Vinicius wrote:

> > I would like to have a rule to reject out-of-range IPs trying to access a 
> > specified port on my system, so I did the following rule:
> > "iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp 
> > --dport 22 -m iprange ! --src-range 200.252.X.X-200.252.X.Y -j REJECT 
> > --reject-with icmp-host-prohibited", where X and Y are appropriate numbers.

> If the above rule number is 4 and the following rule number is 3, then 
> is the rulenum 4 useless, please?
> rule number 3: "iptables -A RH-Firewall-1-INPUT -m state --state NEW -m 
> tcp -p tcp --dport 22 -j ACCEPT"

> Vinicius.

Yes, the rules are gone through from first to last until a rule matches.
Your rule number 3 catches all packets to port 22 which have connection
tracking state NEW, regardless of which IP they originate from.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 18:21:13 up 18 days, 20:05, load average: 1.62, 0.76, 0.49 
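
The first-match behaviour described in the reply above, modelled as an added example that is not part of the original thread. It covers only the two port-22 rules, assumes every packet is a NEW TCP connection, and uses a constructed placeholder range (192.0.2.10-192.0.2.20) in place of the elided 200.252.X.X-200.252.X.Y; the labels `accept-ssh` and `reject-outside-range` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    label: str
    target: str                                   # ACCEPT and REJECT both end traversal
    dport: int
    src_range: Optional[Tuple[str, str]] = None   # models -m iprange --src-range
    negate: bool = False                          # models "! --src-range"

    def matches(self, src: str, dport: int) -> bool:
        if dport != self.dport:
            return False
        if self.src_range is None:
            return True                           # no source restriction
        lo, hi = (ipaddress.ip_address(a) for a in self.src_range)
        inside = lo <= ipaddress.ip_address(src) <= hi
        return inside != self.negate

def verdict(chain: List[Rule], src: str, dport: int) -> Tuple[Optional[str], str]:
    """First-match traversal: return (label, target) of the first matching rule."""
    for rule in chain:
        if rule.matches(src, dport):
            return rule.label, rule.target
    return None, "RETURN"                         # fell off the end of the chain

def shadowed(chain: List[Rule]) -> List[str]:
    """Rules that can never fire: an earlier rule on the same port has no source limit."""
    return [r.label for i, r in enumerate(chain)
            if any(e.dport == r.dport and e.src_range is None for e in chain[:i])]

# Constructed placeholder range standing in for the elided 200.252.X.X-200.252.X.Y.
ALLOWED = ("192.0.2.10", "192.0.2.20")
accept_ssh = Rule("accept-ssh", "ACCEPT", 22)
reject_outside = Rule("reject-outside-range", "REJECT", 22, ALLOWED, negate=True)

AS_POSTED = [accept_ssh, reject_outside]   # ACCEPT is rule 3, REJECT is rule 4
REORDERED = [reject_outside, accept_ssh]   # REJECT evaluated before ACCEPT

if __name__ == "__main__":
    for name, chain in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, "shadowed:", shadowed(chain))
        for src in ("192.0.2.15", "198.51.100.7"):   # inside / outside the range
            print("  ", src, "->", verdict(chain, src, 22))
```

On a live chain the same reordering is achieved by placing the REJECT rule ahead of the ACCEPT rule with `iptables -I` at the right position instead of appending it with `-A`.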


