LinuxQuestions.org


rluo 01-17-2013 10:08 AM

iptables doesn't work as expected
 
Hi All,
I want to use the command below to block port 23 for all IPs except one 192.168.1.11:
# iptables -A INPUT ! -s 192.168.1.11 -p tcp --dport 23 -j DROP

After I am done and restart iptables, all other IPs can still telnet to it. Not sure if anyone knows what my problem is?

thanks,
Ray

david1941 01-17-2013 10:36 AM

The -A flag means "append" to the chain. Of course all the previous rules would then apply. You might want your rule inserted earlier than the others. In that case use the "-I" insert flag.

rluo 01-17-2013 12:13 PM

Quote:

Originally Posted by david1941 (Post 4872278)
The -A flag means "append" to the chain. Of course all the previous rules would then apply. You might want your rule inserted earlier than the others. In that case use the "-I" insert flag.

Thanks, David. It works now for both -A and -I. The problem was I restarted iptables after I FLUSHED the current firewall rules.

wstewart 01-18-2013 12:34 AM

The more common and more secure way to do this would be to just block all inbound traffic and only allow the traffic that you want in your network. That way you don't have to go around blocking every single port that you want to be secured and instead only add the ports that you want to open as an exception, since there would be tens of thousands of ports to lock down.

iptables -P INPUT DROP
iptables -A INPUT -s 192.168.1.11 -p tcp --dport 23 -j ACCEPT
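
An added example (not posted by anyone in this thread) that puts both suggestions into a script: david1941's insert-at-position-1 fix and wstewart's default-deny ruleset, with the loopback and ESTABLISHED,RELATED rules you need so the DROP policy does not cut off your own session, and a save step so a restart does not wipe the rules again. It assumes a RHEL/CentOS 6 style iptables init script for `service iptables save`; the IPT variable can be overridden to dry-run the commands.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes a RHEL/CentOS 6 style
# iptables init script for the save step; IPT can be overridden for dry runs.
IPT="${IPT:-iptables}"

# david1941's fix: the DROP rule has to come before any earlier ACCEPT that
# matches port 23, so insert it at position 1 instead of appending it.
block_telnet_except() {
    "$IPT" -I INPUT 1 ! -s "$1" -p tcp --dport 23 -j DROP
}

# wstewart's approach: default-deny, then list only what is allowed.
# Loopback and already-established flows are accepted first so that
# setting the policy to DROP does not kill the session you are working from.
default_deny() {
    "$IPT" -F INPUT                                   # start from a clean chain
    "$IPT" -A INPUT -i lo -j ACCEPT                   # local traffic
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -s "$1" -p tcp --dport 23 -j ACCEPT
    "$IPT" -P INPUT DROP                              # policy last, once ACCEPTs exist
}

# The original poster lost his rule because "service iptables restart" reloads
# /etc/sysconfig/iptables; unsaved changes vanish. Check the order, then save.
persist() {
    "$IPT" -L INPUT -n --line-numbers
    service iptables save
}

case "${1:-}" in
    --block-except) block_telnet_except "$2" ;;
    --default-deny) default_deny "$2" ;;
    --persist)      persist ;;
esac
```

Run with `IPT=echo ./firewall.sh --default-deny 192.168.1.11` to see the commands in order before applying them for real as root.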

