iptables problem

tamer amr tamer_linux at yahoo.com
Thu Jan 18 11:44:02 UTC 2007


Thank you.

I get it, but what is the use of the first rule?
1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED

As long as I connect via ssh I must make a new connection, not an established connection.

So I understand that rule
1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED

It is not useful, isn't it?
 
 
"Gaddis, Jeremy L." <jeremy at linuxwiz.net> wrote: On 1/18/07, tamer amr wrote:
> thanks for the reply
>  but I still can't understand the difference
>
> 1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED
> 2    ACCEPT     tcp  --  anywhere        anywhere    state NEW tcp dpt:ssh
>  here I can ssh to the host

Of course you can.  Your second rule is telling iptables to allow
"NEW" ssh connections.  The first rule will not match on *NEW*
connections and is not involved in the "setting up" of new
connections.

>  then I removed the second rule to be
> 1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED
> here I could not ssh to this host

Right, because you removed the rule that was permitting the
connections in the first place.  Flush your ruleset, run "iptables
-vnL", and look at the counters.  Connect in via SSH, then run
"iptables -vnL" again and look at the counters.  You'll see that the
second rule is what's matching your *NEW* connection to 22/TCP.

-- 
Jeremy L. Gaddis, MCP, GCWN
http://www.linuxwiz.net/

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
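The ruleset and the counter check Jeremy describes, written out as an added example that is not part of the thread. It assumes an iptables binary on PATH and sshd listening on 22/tcp. By default it only echoes the iptables commands (a dry run); set APPLY=1 and run it as root to load them, and set ALLOW_SSH=0 to reproduce the case with the second rule removed. It uses the `-m state` match as the thread does; on current kernels `-m conntrack --ctstate` is the equivalent spelling.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild the two-rule INPUT chain under
# discussion and run the per-rule counter check.
# Dry run by default: iptables commands are echoed, not executed. APPLY=1 as
# root loads them for real. Assumptions: iptables on PATH, sshd on 22/tcp.
set -u

if [ "${APPLY:-0}" = 1 ]; then
    IPT=iptables
else
    IPT="echo iptables"
fi

# Load the INPUT chain. The default policy must be DROP; with a policy of
# ACCEPT both rules would be moot because unmatched packets get in anyway.
load_rules() {
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    # Rule 1: packets that belong to a connection conntrack already tracks.
    # The first SYN of an inbound SSH session is state NEW, so this rule
    # never matches it. It matches every later packet of that session, and
    # the replies to connections this host opened itself (DNS, outbound ssh),
    # which is why it comes first and why it is not useless.
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Rule 2: the only rule that can admit the NEW SYN to 22/tcp.
    # Without it (ALLOW_SSH=0) that SYN falls through to the DROP policy.
    if [ "${ALLOW_SSH:-1}" = 1 ]; then
        $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    fi
}

# Zero the per-rule counters, then list the chain with rule numbers and the
# pkts/bytes columns (the "iptables -vnL" check from the thread).
show_counters() {
    $IPT -Z INPUT
    $IPT -vnL INPUT --line-numbers
}

# Dry-run helper: how many generated rules can admit a NEW connection to
# 22/tcp for a given ALLOW_SSH value (1 with rule 2 present, 0 without it).
count_ssh_new_rules() {
    ( IPT="echo iptables"; ALLOW_SSH="$1"; load_rules ) \
        | grep -c -- '--dport 22 -m state --state NEW' || true
}

load_rules
show_counters
```

With the rules loaded, run show_counters, open an SSH session from another host, and run it again: the pkts counter on rule 2 advances by exactly one (the SYN) while rule 1 absorbs the rest of the session. That is the counter evidence Jeremy points to, and it also answers the original question: rule 1 does nothing for the first packet, but without it the client's later packets of that same session, and the reply packets of every connection the host opens outbound, would match nothing and hit the DROP policy.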

