How to set up an iptable rule?

Alexander Dalloz ad+lists at uni-x.org
Mon Jan 10 17:34:45 UTC 2005


On Mon, 10.01.2005 at 18:16, Vinicius wrote:

> > I would like to have a rule to reject out-of-range IPs from accessing a 
> > specified port on my system, so I wrote the following rule:
> > "iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp 
> > --dport 22 -m iprange ! --src-range 200.252.X.X-200.252.X.Y -j REJECT 
> > --reject-with icmp-host-prohibited", where X and Y are appropriate numbers.

> If the above rule is number 4 and the following rule is number 3, is 
> rule number 4 then useless?
> rule number 3: "iptables -A RH-Firewall-1-INPUT -m state --state NEW -m 
> tcp -p tcp --dport 22 -j ACCEPT"

> Vinicius.

Yes, the rules are gone through from first to last until a rule matches.
Your rule number 3 catches all packets to port 22 which have connection
tracking state NEW, regardless of which IP they originate from.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 18:21:13 up 18 days, 20:05, load average: 1.62, 0.76, 0.49 
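The first-match behaviour Alexander describes, as an added example that is not part of the thread: a small Python model of an iptables chain evaluating the two rules from Vinicius's post in the posted order (ACCEPT at position 3, REJECT at position 4) and in the corrected order. The allowed source range is an assumption (200.252.10.0-200.252.10.255 stands in for the X and Y of the post), and the simulated chain contains only these two rules plus a DROP policy, so the real RH-Firewall-1-INPUT chain's other rules (for example the ESTABLISHED,RELATED accept) are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical allowed range standing in for 200.252.X.X-200.252.X.Y in the post.
ALLOWED_RANGE = ("200.252.10.0", "200.252.10.255")


@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    proto: str      # "tcp", "udp", ...
    dport: int      # destination port
    state: str      # conntrack state: NEW, ESTABLISHED, RELATED, INVALID


@dataclass(frozen=True)
class Rule:
    name: str
    target: str                                    # ACCEPT / REJECT / DROP
    state: Optional[str] = None                    # -m state --state NEW
    proto: Optional[str] = None                    # -p tcp
    dport: Optional[int] = None                    # --dport 22
    src_range: Optional[Tuple[str, str]] = None    # -m iprange --src-range A-B
    negate_src_range: bool = False                 # the "!" in "! --src-range"

    def matches(self, pkt: Packet) -> bool:
        """Every specified match must hold; the "!" inverts the iprange test."""
        if self.state is not None and pkt.state != self.state:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.src_range is not None:
            lo, hi = (ipaddress.ip_address(a) for a in self.src_range)
            in_range = lo <= ipaddress.ip_address(pkt.src) <= hi
            if in_range == self.negate_src_range:
                return False
        return True


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[str, str]:
    """iptables semantics: walk the chain top to bottom, the first matching
    terminating rule decides; the chain policy applies if nothing matches."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target, rule.name
    return policy, "chain policy"


# Rule 3 from the post: accept any NEW TCP connection to port 22.
ACCEPT_SSH = Rule("rule 3 ACCEPT tcp/22", "ACCEPT", state="NEW", proto="tcp", dport=22)
# Rule 4 from the post: reject NEW TCP to port 22 unless the source is in range.
REJECT_OUTSIDE = Rule("rule 4 REJECT tcp/22 outside range", "REJECT", state="NEW",
                      proto="tcp", dport=22, src_range=ALLOWED_RANGE, negate_src_range=True)

POSTED_ORDER = [ACCEPT_SSH, REJECT_OUTSIDE]   # as appended with -A: ACCEPT first
FIXED_ORDER = [REJECT_OUTSIDE, ACCEPT_SSH]    # REJECT must precede the broad ACCEPT


def decide(chain: List[Rule], src: str, dport: int = 22, state: str = "NEW") -> str:
    """Verdict for a TCP packet with the given source, port and conntrack state."""
    return evaluate(chain, Packet(src, "tcp", dport, state))[0]


def shadowed(chain: List[Rule], rule: Rule, samples: List[Packet]) -> bool:
    """True if `rule` never decides any of the sample packets because an
    earlier rule in `chain` always matches first."""
    return all(evaluate(chain, p)[1] != rule.name for p in samples)


if __name__ == "__main__":
    # Constructed sample traffic: one inside the range, one outside.
    samples = [Packet("200.252.10.7", "tcp", 22, "NEW"),
               Packet("198.51.100.9", "tcp", 22, "NEW")]
    for label, chain in (("posted order", POSTED_ORDER), ("fixed order", FIXED_ORDER)):
        print(label)
        for p in samples:
            print(f"  {p.src:>14} -> {evaluate(chain, p)}")
    print("rule 4 shadowed in posted order:", shadowed(POSTED_ORDER, REJECT_OUTSIDE, samples))
```

The practical fix on a live system is to place the REJECT above the ACCEPT rather than append it: `iptables -I RH-Firewall-1-INPUT 3 ... -j REJECT --reject-with icmp-host-prohibited` inserts it at position 3 and pushes the old rule 3 down, and `iptables -L RH-Firewall-1-INPUT -n --line-numbers` shows the resulting order so the shadowing can be checked before relying on it.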

