Re: Iptables question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2010-02-12 at 13:44 +1300, Clint Dilks wrote:
> Craig White wrote:
> > Perhaps this is just a thing with Linode VPS but it is Fedora 11.
> >
> > I would think that given my iptables rules, this shouldn't happen
> >
> > # ssh root@localhost
> > ssh: connect to host localhost port 22: Connection refused
> >
> > Yes, port 22 is not allowed for eth0 but it should be on 'localhost'
> >
> > # cat /etc/hosts
> > 127.0.0.1   localhost localhost.localdomain localhost4
> > localhost4.localdomain4
> > ::1         localhost localhost.localdomain localhost6
> > localhost6.localdomain6
> >
> > I am using the following rules...
> >
> > :INPUT ACCEPT [0:0]                                                    
> > :FORWARD ACCEPT [0:0]                                                  
> > :OUTPUT ACCEPT [0:0]                                                   
> > :RH-Firewall-1-INPUT - [0:0]                                           
> > -A INPUT -j RH-Firewall-1-INPUT                                        
> > -A FORWARD -j RH-Firewall-1-INPUT                                      
> > -A RH-Firewall-1-INPUT -i lo -j ACCEPT                                 
> > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT               
> > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT                                 
> > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT                                 
> > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j
> > ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j
> > ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j
> > ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j
> > ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j
> > ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j
> > ACCEPT
> > # Finally
> > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> > COMMIT
> > *mangle
> > :FORWARD ACCEPT [0:0]
> > :INPUT ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > COMMIT
> > # Completed
> > *nat
> > :OUTPUT ACCEPT [0:0]
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > COMMIT
> > # Completed
> >
> > WTF?
> >
> > Craig
> >
> >
> >   
> Hi, Are you also using /etc/hosts.allow and /etc/hosts.deny ?
----
I hope so but they are devoid of everything but comments

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux