iptables dropping legitimate packets?
Jan Morales
jan at geezjan.org
Thu Feb 24 17:11:46 UTC 2005
lsmod shows, in part, the following:
ipt_LOG 9921 1
ipt_state 5825 2
ip_conntrack 45317 1 ipt_state
iptable_filter 7489 1
ip_tables 20929 3 ipt_LOG,ipt_state,iptable_filter
David Cary Hart wrote:
> On Thu, 2005-02-24 at 11:30 -0500, Jan Morales wrote:
>
>
>># Firewall configuration written by redhat-config-securitylevel
>># Manual customization of this file is not recommended.
>>*filter
>>:INPUT ACCEPT [0:0]
>>:FORWARD ACCEPT [0:0]
>>:OUTPUT ACCEPT [0:0]
>>:RH-Firewall-1-INPUT - [0:0]
>>-A INPUT -j RH-Firewall-1-INPUT
>>-A FORWARD -j RH-Firewall-1-INPUT
>>-A RH-Firewall-1-INPUT -i lo -j ACCEPT
>>-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>>-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
>>-A RH-Firewall-1-INPUT -j LOG -d 192.168.0.5 --log-prefix "iptables: "
>>-A RH-Firewall-1-INPUT -j DROP
>>COMMIT
>>
>
> This effects a log and drop default policy. It will log and drop all
> packets that are not previously ACCEPTed. Does lsmod show that conntrack
> is loaded?
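
The following is an added example, not part of the thread or of anyone's posted configuration: a small Python walk-through of the quoted RH-Firewall-1-INPUT chain that reports, for a given packet, which target ends the chain and whether the LOG rule fired first. It assumes simplified matching (only `-i`, `-p`, `--dport`, `-d` and `--state` are evaluated, and the conntrack state is supplied as a field of the packet); the sample packets are constructed.

```python
import shlex

# Rules copied from the quoted chain (the mail-wrapped line is rejoined).
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j LOG -d 192.168.0.5 --log-prefix "iptables: "
-A RH-Firewall-1-INPUT -j DROP
"""
# Option -> packet field it is compared with (assumption: other options are ignored).
FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "-d": "dst", "--state": "state"}

def parse(line):
    """Turn one -A line into (match dict, target)."""
    tok = shlex.split(line)[2:]            # drop "-A <chain>"
    match, target = {}, None
    for opt, val in zip(tok[0::2], tok[1::2]):   # every option used here takes one argument
        if opt == "-j":
            target = val
        elif opt in FIELDS:
            match[FIELDS[opt]] = set(val.split(","))
    return match, target

def verdict(pkt):
    """Walk the chain in order; return (terminating target, logged?)."""
    logged = False
    for line in RULES.splitlines():
        match, target = parse(line)
        if all(str(pkt.get(f)) in vals for f, vals in match.items()):
            if target == "LOG":            # LOG does not terminate; evaluation continues
                logged = True
            else:
                return target, logged
    return "ACCEPT", logged                # would return to INPUT, whose policy is ACCEPT

if __name__ == "__main__":
    samples = {                            # constructed packets
        "new ssh":       dict(iface="eth0", proto="tcp", dport=22, state="NEW", dst="192.168.0.5"),
        "new http":      dict(iface="eth0", proto="tcp", dport=80, state="NEW", dst="192.168.0.5"),
        "invalid tcp":   dict(iface="eth0", proto="tcp", dport=22, state="INVALID", dst="192.168.0.5"),
        "udp broadcast": dict(iface="eth0", proto="udp", dport=137, state="NEW", dst="192.168.0.255"),
    }
    for name, pkt in samples.items():
        print(f"{name:14} -> {verdict(pkt)}")
```

Because the LOG rule carries `-d 192.168.0.5`, packets addressed elsewhere (the broadcast sample) reach DROP without leaving a log entry, so the log shows only part of what the chain discards.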