Iptables :: priority of rules

Res res at ausics.net
Fri Feb 23 11:11:05 UTC 2007


On Fri, 23 Feb 2007, Luc MAIGNAN wrote:

> In fact, isn't that what I wrote?
>

No, I believe Tim meant a default drop "policy" then the rules you add are 
accepts.

eg:
iptables -P INPUT DROP
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -s special.ip.allowed -j ACCEPT


>
>
>
> Tim wrote:
>> On Fri, 2007-02-23 at 11:26 +0100, Luc MAIGNAN wrote:
>> 
>>> I don't understand how the priority of the rules of iptables is set.
>>> 
>>> My problem: I want to allow ssh from my local network (1), and from 
>>> outside only for one IP (2).
>>> 
>>> So I wrote:
>>> 
>>> (1) : iptables -I INPUT -p tcp -s 192.168.0.0/24 --dport ssh -j ACCEPT
>>> (2) : iptables -I INPUT -p tcp -s ! x.x.x.x --dport ssh -j DROP
>>> 
>>> The result is that I can ssh only from the outside IP, not from the local 
>>> network. If I switch the two rules, the result is the same.
>>> 
>>> Can anyone help me to understand?
>>> 
>> 
>> You can have a default drop rule on all input traffic, then add a couple
>> of specific rules to allow it from your local network, and another to
>> allow it from a specific address.
>>
>> 
>
>

-- 
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie
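The point of the thread is rule order: netfilter walks the chain top to bottom, the first matching rule decides, and the chain policy only applies when nothing matched; `iptables -I` puts a new rule at the top, `iptables -A` at the bottom. The following is an added example, not code from the thread, and it does not call iptables at all: it is a small simulator of that first-match walk, fed with the two `-I` rules from the question and with the DROP-policy approach from the answer. `203.0.113.10` is a constructed stand-in for the thread's `x.x.x.x`, and the accept rules in the policy version are narrowed to tcp/22 (the thread's example rules accept everything from those sources).

```python
"""Simulator of how netfilter walks the INPUT chain (added example, not
iptables itself): rules are tried top to bottom, the first match decides,
and the chain policy applies only when no rule matched.  `iptables -I`
prepends a rule, `iptables -A` appends one."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Stand-in for the thread's "x.x.x.x" (constructed, TEST-NET-3 address).
ALLOWED_OUTSIDE = "203.0.113.10"
LOCAL_NET = "192.168.0.0/24"
SSH = 22


@dataclass
class Rule:
    target: str                     # ACCEPT or DROP
    src: Optional[str] = None       # host or CIDR, like -s
    src_negated: bool = False       # like -s ! addr
    proto: Optional[str] = None     # like -p tcp
    dport: Optional[int] = None     # like --dport

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        if self.src is not None:
            in_src = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src, strict=False)
            if in_src == self.src_negated:   # "!" flips the sense of -s
                return False
        return True


class Chain:
    def __init__(self, policy: str = "ACCEPT"):
        self.policy = policy          # iptables -P INPUT <policy>
        self.rules: List[Rule] = []

    def insert(self, rule: Rule) -> None:   # iptables -I INPUT ...
        self.rules.insert(0, rule)

    def append(self, rule: Rule) -> None:   # iptables -A INPUT ...
        self.rules.append(rule)

    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:             # first match wins
            if rule.matches(pkt):
                return rule.target
        return self.policy                  # nothing matched: policy decides


def ssh_from(src: str) -> dict:
    """Constructed packet: TCP to port 22 from `src`."""
    return {"src": src, "proto": "tcp", "dport": SSH}


ACCEPT_LOCAL_SSH = Rule("ACCEPT", src=LOCAL_NET, proto="tcp", dport=SSH)
DROP_SSH_UNLESS_ALLOWED = Rule("DROP", src=ALLOWED_OUTSIDE, src_negated=True,
                               proto="tcp", dport=SSH)


def inserted_chain() -> Chain:
    """The question's two -I rules, typed in the order given: (1) then (2)."""
    chain = Chain(policy="ACCEPT")
    chain.insert(ACCEPT_LOCAL_SSH)          # (1) ends up second...
    chain.insert(DROP_SSH_UNLESS_ALLOWED)   # (2) ...because -I puts this on top
    return chain


def appended_chain() -> Chain:
    """The same two rules added with -A, so they stay in the order typed."""
    chain = Chain(policy="ACCEPT")
    chain.append(ACCEPT_LOCAL_SSH)
    chain.append(DROP_SSH_UNLESS_ALLOWED)
    return chain


def default_drop_chain() -> Chain:
    """The answer's approach: DROP policy plus explicit accepts (narrowed
    here to tcp/22; the thread's example rules accept all traffic)."""
    chain = Chain(policy="DROP")
    chain.append(ACCEPT_LOCAL_SSH)
    chain.append(Rule("ACCEPT", src=ALLOWED_OUTSIDE, proto="tcp", dport=SSH))
    return chain


if __name__ == "__main__":
    probes = ("192.168.0.5", ALLOWED_OUTSIDE, "198.51.100.7")
    for name, build in (("-I order", inserted_chain),
                        ("-A order", appended_chain),
                        ("DROP policy", default_drop_chain)):
        chain = build()
        print(name, [(src, chain.verdict(ssh_from(src))) for src in probes])
```

Run it and the `-I order` line reproduces the symptom from the question: the local host gets DROP because rule (2) was inserted above rule (1), while the allowed outside address falls through both rules to the ACCEPT policy. The same rules appended with `-A` accept the local host, and the DROP-policy chain accepts exactly the two intended sources and nothing else, ssh or otherwise.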


