[PLUG] iptables redux

freyley at gmx.net freyley at gmx.net
Wed Aug 18 20:06:01 UTC 2004


On Tue, 2004-08-17 at 15:33, Roderick A. Anderson wrote:
> On Tue, 17 Aug 2004, Wil Cooley wrote:
> 
> > > Do deny/drop/reject rules come before or after the accept rules.
> > 
> > Rules are explicitly ordered in the chains.  So:
> >   1. Accept the IP addresses you want to allow
> >   2. Deny the rest
> 
> 
> So if I understand this correctly, on one of my RHL systems, if I have
> these lines in the /etc/sysconfig/iptables
> 
> -A RH-Lokkit-0-50-INPUT -s 1.2.3.0/255.255.255.0   -p tcp --dport 22 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -s 4.5.6.7/255.255.255.255 -p tcp --dport 22 -j ACCEPT
> 
> -A RH-Lokkit-0-50-INPUT -s 0.0.0.0/0.0.0.0  -p tcp --dport 22 -j REJECT

Reject is a lot of work. Frequently cleaner just to DROP.

Jeff
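The ordering rule Wil describes (accept the hosts you want, then deny everything else) works because netfilter walks a chain top to bottom and the first matching terminating rule decides. As an added example, not code from the thread or from Red Hat's lokkit, the following Python script parses the three rules quoted above in their /etc/sysconfig/iptables (iptables-save) form, evaluates constructed packet tuples against them the way the kernel would, and then flags any rule that an earlier rule has already shadowed, which is the check to run when you are not sure the catch-all REJECT or DROP ended up last. RULES_MISORDERED, the packet dicts and the shadowed_rules helper are assumptions made for illustration; the script only simulates the match logic and never touches the running firewall. On the REJECT versus DROP question, the on-the-wire difference is that REJECT answers the sender (by default with an ICMP port-unreachable, or a TCP RST if --reject-with tcp-reset is given) while DROP discards the packet silently; the simulator just reports the target name.

```python
import ipaddress
import re

# The three rules quoted in the thread, in /etc/sysconfig/iptables format.
RULES_ORDERED = """
-A RH-Lokkit-0-50-INPUT -s 1.2.3.0/255.255.255.0   -p tcp --dport 22 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 4.5.6.7/255.255.255.255 -p tcp --dport 22 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 0.0.0.0/0.0.0.0  -p tcp --dport 22 -j REJECT
"""

# Constructed counter-example (not from the thread): the catch-all REJECT first.
RULES_MISORDERED = """
-A RH-Lokkit-0-50-INPUT -s 0.0.0.0/0.0.0.0  -p tcp --dport 22 -j REJECT
-A RH-Lokkit-0-50-INPUT -s 1.2.3.0/255.255.255.0   -p tcp --dport 22 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 4.5.6.7/255.255.255.255 -p tcp --dport 22 -j ACCEPT
"""

# Only the match options used on the page are understood: -s, -p, --dport, -j.
RULE_RE = re.compile(
    r"^-A\s+(?P<chain>\S+)"
    r"(?:\s+-s\s+(?P<src>\S+))?"
    r"(?:\s+-p\s+(?P<proto>\S+))?"
    r"(?:\s+--dport\s+(?P<dport>\d+))?"
    r"\s+-j\s+(?P<target>\S+)\s*$"
)


def parse_rules(text):
    """Return the rules as a list of dicts, preserving file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unsupported rule syntax: " + line)
        d = m.groupdict()
        rules.append({
            "chain": d["chain"],
            # iptables accepts dotted netmasks and so does ipaddress; strict=False
            # tolerates host bits, e.g. 4.5.6.7/255.255.255.255.
            "src": ipaddress.ip_network(d["src"], strict=False) if d["src"] else None,
            "proto": d["proto"],
            "dport": int(d["dport"]) if d["dport"] else None,
            "target": d["target"],
        })
    return rules


def matches(rule, packet):
    """True if every match option set on the rule agrees with the packet."""
    if rule["src"] is not None and ipaddress.ip_address(packet["src"]) not in rule["src"]:
        return False
    if rule["proto"] is not None and rule["proto"] != packet["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != packet["dport"]:
        return False
    return True


def evaluate(rules, packet, policy="RETURN"):
    """Walk the chain top to bottom; the first matching rule decides.

    ACCEPT, DROP and REJECT are terminating targets. If nothing matches, a
    user-defined chain returns to its caller, reported here as `policy`.
    """
    for rule in rules:
        if matches(rule, packet):
            return rule["target"]
    return policy


def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    if earlier["src"] is not None:
        if later["src"] is None or not later["src"].subnet_of(earlier["src"]):
            return False
    if earlier["proto"] is not None and earlier["proto"] != later["proto"]:
        return False
    if earlier["dport"] is not None and earlier["dport"] != later["dport"]:
        return False
    return True


def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule covers them.

    An empty list means the deny rule really is after the accepts.
    """
    return [j for j, later in enumerate(rules)
            if any(covers(rules[i], later) for i in range(j))]


if __name__ == "__main__":
    pkt = {"src": "4.5.6.7", "proto": "tcp", "dport": 22}
    print("ordered:   ", evaluate(parse_rules(RULES_ORDERED), pkt))      # ACCEPT
    print("misordered:", evaluate(parse_rules(RULES_MISORDERED), pkt))   # REJECT
    print("dead rules:", shadowed_rules(parse_rules(RULES_MISORDERED)))  # [1, 2]
```

With the rules in the order quoted, 4.5.6.7 and anything in 1.2.3.0/24 reach port 22 and everyone else is rejected; with the REJECT moved to the top, the two ACCEPT lines are reported as dead, which is exactly the mistake the ordering advice in the thread is guarding against. The same shadowing check applies unchanged if the last rule is DROP instead of REJECT.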