iptables --policy (login slow)
Dear all,
This is my current iptables (with default policy = Accept) and no rules.
Code:
[root@racnode1 ~]# iptables -L -v
Code:
[root@racnode1 ~]# iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
Code:
[root@racnode1 ~]# iptables --policy INPUT DROP
Upon this, I have 2 issues:
a) my iptables -L -v command can't display fully, I am stuck at below
Quote:
Quote:
If I revert the INPUT policy to ACCEPT, then everything will be fine as normal. Why?
Thanks and look forward to your advice.
Regards, Noob ;(
iptables --policy (login slow)
Don't know the reason, but there's a problem with your input policy.
If you want to let packets from your subnet in, you should put the input policy to 'reject' and then tell explicitly what things can get in.
Quote:
Code:
*filter
Quote:
Code:
vim /etc/sysconfig/iptables
Can I know in what way my iptables above is incomplete?
Regards, Alan
Quote:
Thanks for pointing it out. I tried your configuration and commented it line by line to see the impact. It seems to me that the reason why I am not able to display iptables -L -v completely is this missing line:
Code:
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Code:
# Generated by iptables-save v1.4.7 on Mon Jan 12 03:00:23 2015
Thank you so much
Quote:
*Also note it is better to run 'iptables-save' instead of 'iptables -L -v' because:
- it doesn't require address and port resolution (note a lot of applications have a "-n" switch or equivalent: see for example 'man iptables' or 'man netstat'),
- it shows you all rules in all tables (raw, mangle, etc, etc) and
- it is a list of the actual rules in use (/etc/sysconfig/iptables is just a file on disk and rules can be modified on the fly and without restarting iptables).
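The check this thread arrives at, as an added example that is not part of any post: a shell function that reads 'iptables-save' output and flags a filter-table INPUT chain whose policy is not ACCEPT and which has no ESTABLISHED accept rule. The function name check_input_chain and both sample dumps are constructed for illustration.

```shell
# Added example: audit an iptables-save dump for the gap found in this thread.
# check_input_chain is a hypothetical helper; it reads the dump on stdin.
# Exit status: 0 = ok, 1 = filtering policy without a stateful accept, 2 = no policy seen.
check_input_chain() {
    awk '
        /^\*/ { table = substr($1, 2) }        # table header, e.g. "*filter"
        table != "filter" { next }             # only the filter table matters here
        /^:INPUT / { policy = $2 }             # policy line, e.g. ":INPUT DROP [0:0]"
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            # conntrack (--ctstate) or legacy state (--state) match; skip negated matches
            if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/ && $0 !~ /! --(ct)?state/)
                stateful = 1
        }
        END {
            if (policy == "") { print "no INPUT policy found in filter table"; exit 2 }
            if (policy == "ACCEPT") { print "INPUT policy ACCEPT: nothing is filtered"; exit 0 }
            if (stateful) { print "INPUT policy " policy ": ESTABLISHED accept rule present"; exit 0 }
            print "INPUT policy " policy ": no ESTABLISHED accept rule; replies to outbound connections are dropped unless another rule matches"
            exit 1
        }
    '
}

# Constructed sample: policy DROP plus the single subnet rule from the first post.
BROKEN_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.0.0/24 -j ACCEPT
COMMIT'

# Constructed sample: the same ruleset with the conntrack line from the thread added.
FIXED_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/24 -j ACCEPT
COMMIT'

# On a live host (as root): iptables-save | check_input_chain
printf '%s\n' "$BROKEN_DUMP" | check_input_chain || true
printf '%s\n' "$FIXED_DUMP" | check_input_chain
```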