iptables problem
Gaddis, Jeremy L.
jeremy at linuxwiz.net
Thu Jan 18 09:46:21 UTC 2007
On 1/18/07, tamer amr <tamer_linux at yahoo.com> wrote:
> thanks for the reply
> but I still can't understand the difference
>
> 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> 2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
> here I can ssh the host
Of course you can. Your second rule is telling iptables to allow
"NEW" ssh connections. The first rule will not match on *NEW*
connections and is not involved in the "setting up" of new
connections.
> then I removed the second rule to be
> 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> here I could not ssh this host
Right, because you removed the rule that was permitting the
connections in the first place. Flush your ruleset, run "iptables
-vnL", and look at the counters. Connect in via SSH, then run
"iptables -vnL" again and look at the counters. You'll see that the
second rule is what's matching your *NEW* connection to 22/TCP.
--
Jeremy L. Gaddis, MCP, GCWN
http://www.linuxwiz.net/
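The counter check Jeremy describes (snapshot `iptables -vnL`, make one SSH connection, snapshot again, see which rule moved) is easy to do by eye with two rules, but on a longer INPUT chain it helps to diff the snapshots mechanically. The script below is an added example, not code from the thread: it takes two captures of `iptables -vnL INPUT` and prints every rule whose packet counter increased, so the rule that actually accepted the NEW connection stands out from the RELATED,ESTABLISHED rule that only carries the follow-on packets. The two snapshots are constructed inline (the counters are made up) so it runs offline; on a real host you would capture them with `iptables -vnL INPUT > before.txt`, connect over SSH, and capture `after.txt`.

```shell
#!/bin/sh
# Added example (not from the original mailing-list thread).
# Compare two snapshots of "iptables -vnL INPUT" and report which rules'
# packet counters increased between them. Counter values below are
# constructed for the example; rule layout follows real -vnL output
# (pkts bytes target prot opt in out source destination [match...]).

BEFORE='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22'

# Constructed "after" snapshot: one SSH login happened in between.
AFTER='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  131 10412 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22'

# counter_deltas BEFORE_TEXT AFTER_TEXT
# Prints one line per rule whose pkts counter grew:
#   rule <n>: +<delta> pkts (<prot> <match text>)
# Rule numbers are the chain position (1 = first rule after the header),
# the same numbering "iptables --line-numbers" would show.
counter_deltas() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/            { phase = 2; n = 0; next }   # switch to the after snapshot
        /^Chain / || /^ *pkts / { next }                # skip chain and column headers
        {
            n++
            if (phase != 2) { before[n] = $1; next }     # remember pkts from first snapshot
            delta = $1 - before[n]
            if (delta > 0) {
                mtext = ""
                for (i = 10; i <= NF; i++)               # match text starts after destination
                    mtext = mtext (i > 10 ? " " : "") $i
                printf "rule %d: +%d pkts (%s %s)\n", n, delta, $4, mtext
            }
        }'
}

# Run stand-alone: show which rules absorbed the SSH session's packets.
counter_deltas "$BEFORE" "$AFTER"
```

In the constructed snapshots the NEW rule moves by exactly one packet (the SYN that opened the session) while the RELATED,ESTABLISHED rule absorbs everything after the handshake, which is the behaviour the reply describes. Removing rule 2 leaves nothing for that first SYN to match, so it falls through to the chain policy.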