[ale] Using iptables

Jim Popovitch jimpop at yahoo.com
Sun Jun 25 01:04:11 EDT 2006


Michael H. Warfield wrote:
> On Sun, 2006-06-25 at 00:23 -0400, Jim Popovitch wrote:
> 
>> I've never used "!" in iptables statements, but this should work for you:
> 
>> iptables -A INPUT -p tcp -s 218.23.45.2 --dport 80 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 80 -j DROP
> 
> 	Won't work if he's already got a rule in his tables that accepts port
> 80 first.  The -A appends after everything.  If he's got a -A ... --port
> 80 ... -j ACCEPT in his /etc/sysconfig/iptables file (assuming he's
> using RedHat or FC or CentOS or any similar compatible flavor) then
> another -A after that won't do jack.  I've seen this too often where
> someone has a set of tables and expect an add-on rule to work when it
> never gets that far because a preceding rule takes precedence.

But it will work if he hasn't gotten any other rules. ;-)  Terry's post
indicated that the command 'iptables ...' wasn't accepted, which I took
to mean not accepted by sh/bash/csh/etc., and is easy to see due to bang
being in the cmd line.  I suspect he would have said differently if the
command was accepted but then didn't produce the desired result, so I
offered something that should work assuming other things are in proper
order.  What I suggested won't work if the power to his box is off, the
network is down, the network gateway is down, there is no keyboard, or
the keyboard isn't connected, yada, yada, yada...  But enough about
that.  ;-)

-Jim P.
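The rule-ordering point Michael raises, modelled as an added example (not code from this thread): a first-match walk over a simplified chain shows that the two rules appended with -A behind an existing broad port-80 ACCEPT never fire, while the same rules inserted at the head of the chain do. The rule syntax, the default ACCEPT policy and the shadowed-rule report are assumptions of the example, not iptables syntax.

```shell
#!/bin/sh
# Added example: models iptables first-match evaluation of an INPUT chain.
# Constructed rule syntax (not real iptables syntax): "<target> <src|any> <dport>",
# one rule per line. Like iptables, the walk stops at the first matching rule,
# so a rule appended with -A behind a broader ACCEPT can never fire.

# Verdict for one packet (src dport) against the rule list read from stdin.
walk_chain() {
    src=$1; dport=$2
    while read -r target rsrc rport; do
        [ -z "$target" ] && continue
        if { [ "$rsrc" = any ] || [ "$rsrc" = "$src" ]; } && [ "$rport" = "$dport" ]; then
            echo "$target"
            return 0
        fi
    done
    echo POLICY_ACCEPT   # fell off the end: assumed default chain policy
}

# Jim's two rules appended (-A) behind a pre-existing broad port-80 ACCEPT.
appended_ruleset() {
    printf '%s\n' 'ACCEPT any 80' 'ACCEPT 218.23.45.2 80' 'DROP any 80'
}

# The same two rules inserted at the head of the chain (-I INPUT 1) instead.
inserted_ruleset() {
    printf '%s\n' 'ACCEPT 218.23.45.2 80' 'DROP any 80' 'ACCEPT any 80'
}

verdict_appended() { appended_ruleset | walk_chain "$1" "$2"; }
verdict_inserted() { inserted_ruleset | walk_chain "$1" "$2"; }

# Report rules that can never match: an earlier rule already covers the same
# port and either the same source or any source (the dead-rule case Michael
# describes). Output: "<rule number>: <rule>".
shadowed_rules() {
    awk '{
        for (i = 1; i < NR; i++)
            if (port[i] == $3 && (src[i] == "any" || src[i] == $2)) {
                print NR ": " $0; break
            }
        src[NR] = $2; port[NR] = $3
    }'
}

# Usage: both appended rules are dead; after -I only the old broad ACCEPT is.
appended_ruleset | shadowed_rules
inserted_ruleset | shadowed_rules
```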
