[FSUG PD] iptables

Alessandro GARDICH gremlin a gremlin.it
Lun 19 Nov 2007 14:42:48 CET 

iptables -A INPUT -p tcp -m state --state NEW --source XXX.XXX.XXX.XXX --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --source 127.0.0.1 --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j DROP




Yuri wrote:
> Alessandro GARDICH wrote:
>   
>> l'ordine e` importante !!!
>>
>> al primo DROP salta le regole successive
>>
>>   
>>     
> tradotto?
>
> Che devo fare?
>
>   
>> Yuri wrote:
>>   
>>     
>>> Salve,
>>>
>>> volendo limitare le connessioni al mio computer verso la porta 8081
>>> ho scritto:
>>>
>>> iptables -A INPUT -p tcp --dport 8081 -j DROP
>>> iptables -A INPUT -p tcp -m state --state NEW --source XXX.XXX.XXX.XXX 
>>> --dport 8081 -j ACCEPT
>>> iptables -A INPUT -p tcp -m state --state NEW --source 127.0.0.1 --dport 
>>> 8081 -j ACCEPT
>>>
>>> debian:~# iptables -L
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source destination
>>> DROP tcp -- anywhere anywhere tcp dpt:tproxy
>>> ACCEPT tcp -- XXX.XXX.XXX.XXX anywhere state NEW tcp dpt:tproxy
>>> ACCEPT tcp -- debian anywhere state NEW tcp dpt:tproxy
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> che in teoria dovrebbe limitare le connessioni alla porta 8081 al mio
>>> localhost e al mio ip (tanto per star tranquilli).
>>>
>>> Invece non mi fa accedere... avete qualche idea?
>>>
>>> iptable -L mi lista queste rule correttamente. Cancellandole posso
>>> riaccedere, ho provato mettendo il deny sia prima che dopo le altre due
>>> regole, ma niente...
>>>
>>> _______________________________________________
>>> fsug-pd mailing list
>>> fsug-pd a lists.fsugpadova.org
>>> http://lists.fsugpadova.org/listinfo/fsug-pd
>>>
>>>   
>>>     
>>>       
>>   
>>     
>
> _______________________________________________
> fsug-pd mailing list
> fsug-pd a lists.fsugpadova.org
> http://lists.fsugpadova.org/listinfo/fsug-pd
>
>   

-- 
 /-------------------------------------------------------------\
|           Alessandro Gardich : gremlin a gremlin.it             |
 >-------------------------------------------------------------<
|  I never saw a wild thing sorry for itself.                   |
|  A small bird will drop frozen dead from a bough              |
|  without ever having felt sorry for itself.                   |
 \-------------------------------------------------------------/

Maggiori informazioni sulla lista fsug-pd