LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
Old 01-17-2013, 11:08 AM   #1
rluo
LQ Newbie
 
Registered: Dec 2011
Posts: 4

Rep: Reputation: Disabled
iptables doesn't work as expected


Hi All,
I want to use the command below to block port 23 for all IPs except one 192.168.1.11:
#iptables -A INPUT ! -s 192.168.1.11 -p tcp --dport 23 -j DROP

After I am done and restart iptables, all other IPs can still telnet to it. Not sure if anyone knows what my problem is?

thanks,
Ray
 
Old 01-17-2013, 11:36 AM   #2
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS6
Posts: 267

Rep: Reputation: 57
The -A flag means "append" to the chain. Of course all the previous rules would then apply. You might want your rule inserted earlier than the others. In that case use the "-I" insert flag.

Last edited by david1941; 01-17-2013 at 11:37 AM. Reason: add the "I"
 
1 members found this post helpful.
Old 01-17-2013, 01:13 PM   #3
rluo
LQ Newbie
 
Registered: Dec 2011
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by david1941 View Post
The -A flag means "append" to the chain. Of course all the previous rules would then apply. You might want your rule inserted earlier than the others. In that case use the "-I" insert flag.
Thanks, David. It works now for both -A and -I. The problem was that I restarted iptables after I flushed the current firewall rules.
 
Old 01-18-2013, 01:34 AM   #4
wstewart
Member
 
Registered: Dec 2012
Location: Tampa, FL
Distribution: Slackware, FreeBSD, CentOS
Posts: 41

Rep: Reputation: 1
The more common and more secure way to do this would be to just block all inbound traffic and only allow the traffic that you want in your network. That way you don't have to go around blocking every single port that you want to be secured, and instead only add the ports that you want to open as an exception, since there would be tens of thousands of ports to lock down.

iptables -P INPUT DROP
iptables -A INPUT -s 192.168.1.11 -p tcp --dport 23 -j ACCEPT

Last edited by wstewart; 01-18-2013 at 01:36 AM.
 
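The two points made in this thread (first-match evaluation, so an appended DROP behind an earlier ACCEPT is never reached, and default-deny with explicit ACCEPT exceptions) can be checked without touching a live firewall. The following is an added example and not code from any poster: a deliberately small Python model of a single filter-table INPUT chain with a default policy and first-match semantics. It only models the matches used in the thread (-s and ! -s, -p, --dport, -i and -m state --state); there is no conntrack, no other tables or chains, and the "existing rules" starting chain is constructed here to reproduce the original poster's symptom, not taken from any real system.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    """Constructed sample packet: only the fields this toy model matches on."""
    src: str
    proto: str = "tcp"
    dport: int = 0
    state: str = "NEW"      # conntrack state as '-m state --state' would see it
    iface: str = "eth0"     # ingress interface as '-i' would see it


@dataclass(frozen=True)
class Rule:
    """One INPUT rule. A field set to None matches anything for that field."""
    target: str                              # ACCEPT or DROP
    src: Optional[str] = None                # -s
    negate_src: bool = False                 # '! -s' when True
    proto: Optional[str] = None              # -p
    dport: Optional[int] = None              # --dport
    states: Optional[frozenset] = None       # -m state --state A,B
    iface: Optional[str] = None              # -i

    def matches(self, p: Packet) -> bool:
        # For '-s X' the rule matches when src == X; for '! -s X' when src != X.
        if self.src is not None and (p.src == self.src) == self.negate_src:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.states is not None and p.state not in self.states:
            return False
        if self.iface is not None and p.iface != self.iface:
            return False
        return True


class Chain:
    """A filter-table chain: rules are tried in order, first match wins, else the policy."""

    def __init__(self, policy: str = "ACCEPT"):
        self.policy = policy                 # iptables -P INPUT <policy>
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:    # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, rule: Rule, position: int = 1) -> None:  # iptables -I INPUT [n] ...
        self.rules.insert(position - 1, rule)

    def flush(self) -> None:                 # iptables -F INPUT
        self.rules.clear()

    def verdict(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.target
        return self.policy


# Constructed test packets.
TELNET_FROM_ALLOWED = Packet(src="192.168.1.11", dport=23)
TELNET_FROM_OTHER = Packet(src="192.168.1.50", dport=23)

# The original poster's rule: ! -s 192.168.1.11 -p tcp --dport 23 -j DROP
BLOCK_TELNET_EXCEPT_ONE = Rule("DROP", src="192.168.1.11", negate_src=True, proto="tcp", dport=23)


def chain_with_existing_telnet_accept() -> Chain:
    """Constructed starting state: an earlier rule already accepts telnet from anyone."""
    c = Chain(policy="ACCEPT")
    c.append(Rule("ACCEPT", iface="lo"))
    c.append(Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})))
    c.append(Rule("ACCEPT", proto="tcp", dport=23))   # this rule shadows anything appended after it
    return c


def verdict_after_append() -> str:
    """-A puts the DROP after the ACCEPT, so other hosts still get in."""
    c = chain_with_existing_telnet_accept()
    c.append(BLOCK_TELNET_EXCEPT_ONE)
    return c.verdict(TELNET_FROM_OTHER)          # ACCEPT


def verdict_after_insert() -> str:
    """-I puts the DROP first, so it is evaluated before the ACCEPT."""
    c = chain_with_existing_telnet_accept()
    c.insert(BLOCK_TELNET_EXCEPT_ONE)
    return c.verdict(TELNET_FROM_OTHER)          # DROP


def verdict_after_flush() -> str:
    """After -F only the policy is left, which is ACCEPT on this constructed chain."""
    c = chain_with_existing_telnet_accept()
    c.insert(BLOCK_TELNET_EXCEPT_ONE)
    c.flush()
    return c.verdict(TELNET_FROM_OTHER)          # ACCEPT


def default_deny_chain() -> Chain:
    """Default-deny as suggested above, plus the lo and ESTABLISHED,RELATED rules a live host needs."""
    c = Chain(policy="DROP")                                                  # -P INPUT DROP
    c.append(Rule("ACCEPT", iface="lo"))                                      # -A INPUT -i lo -j ACCEPT
    c.append(Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})))    # -m state --state ESTABLISHED,RELATED -j ACCEPT
    c.append(Rule("ACCEPT", src="192.168.1.11", proto="tcp", dport=23))       # -s 192.168.1.11 -p tcp --dport 23 -j ACCEPT
    return c


def default_deny_verdicts() -> Dict[str, str]:
    c = default_deny_chain()
    return {
        "telnet_from_allowed": c.verdict(TELNET_FROM_ALLOWED),                                  # ACCEPT
        "telnet_from_other": c.verdict(TELNET_FROM_OTHER),                                      # DROP
        "ssh_from_allowed": c.verdict(Packet(src="192.168.1.11", dport=22)),                    # DROP: nothing opened 22
        "reply_to_outbound": c.verdict(Packet(src="10.0.0.5", dport=40000, state="ESTABLISHED")),  # ACCEPT
        "loopback": c.verdict(Packet(src="127.0.0.1", dport=23, iface="lo")),                  # ACCEPT
    }


if __name__ == "__main__":
    print("appended DROP behind an ACCEPT:", verdict_after_append())
    print("inserted DROP at position 1:  ", verdict_after_insert())
    print("after flush (policy only):    ", verdict_after_flush())
    for name, v in default_deny_verdicts().items():
        print(f"default-deny {name}: {v}")
```

On a real RHEL/CentOS 6 box the order and the policy can be confirmed with `iptables -L INPUT -n -v --line-numbers`. Two caveats the model makes visible: with `-P INPUT DROP` and no ESTABLISHED,RELATED rule an existing ssh session is cut off the moment the policy changes, so add the ACCEPT rules before changing the policy; and `service iptables restart` reloads /etc/sysconfig/iptables, so rules added at runtime disappear unless they were first written there with `service iptables save` (or `iptables-save > /etc/sysconfig/iptables`), which is the behaviour the original poster ran into.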