From: "Joey" <Joey@Web56.net>
To: IPTables <netfilter@vger.kernel.org>
Subject: help with whitelist
Date: Wed, 29 Oct 2008 14:13:10 -0400
Message-ID: <001101c939f2$00158910$00409b30$@net>

Hello All,

 

I have been refining my iptables code and have perfected the blocking side
(thanks to all who helped!). Rules here: http://web56.net/iptables-save.cfg

But now, I need to create some whitelist entries.

Let's say I have a block rule of 207.144.68.0/24 and I need to whitelist
207.144.68.15.

I tried this by hand for testing purposes:

Create chain

iptables -N WHITE_LIST

Rule for chain

iptables -A WHITE_LIST -p tcp --dport 25 -s 207.144.68.15 -m state --state NEW -j ACCEPT

hook rule

iptables -A INPUT -j WHITE_LIST

I also tried this, but no luck:

iptables -A INPUT -p tcp -s 207.44.168.15 -j LOG --log-prefix JOEY-TEST-JOEY

iptables -A INPUT -p tcp -s 207.44.168.15 --dport 25 -j DROP

iptables -N WHITE_LIST

iptables -A SMTP_TRAFFIC -j WHITE_LIST

iptables -N LOG_WHITE_LIST

iptables -A LOG_WHITE_LIST -j LOG --log-prefix "WHITELISTED"

iptables -A LOG_WHITE_LIST -j ACCEPT

I'm not real clear on this, so I figured before I break something I'd ask for
help.

Thanks!

Joey
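
Added example, not part of the original message: a small Python model of iptables first-match traversal, showing how the position of the `-j WHITE_LIST` hook relative to the 207.144.68.0/24 block decides whether 207.144.68.15 is accepted. It assumes the block is a plain DROP rule already in INPUT and an ACCEPT chain policy, matches on source address only (protocol, port and state are ignored), and all function names are illustrative.

```python
import ipaddress

def walk(chains, src, chain):
    """Return the first terminating verdict for src in chain, or None if none matches."""
    addr = ipaddress.ip_address(src)
    for source_net, target in chains[chain]:
        if addr not in ipaddress.ip_network(source_net):
            continue
        if target in ("ACCEPT", "DROP"):
            return target                    # terminating target: traversal stops here
        verdict = walk(chains, src, target)  # jump into a user-defined chain
        if verdict is not None:
            return verdict
        # nothing matched in the user chain: continue with the next rule here
    return None

def filter_input(chains, src, policy="ACCEPT"):
    """Verdict for a packet entering INPUT; the (assumed) policy applies if no rule decides."""
    return walk(chains, src, "INPUT") or policy

def build_ruleset(hook):
    """hook='append' models `iptables -A INPUT -j WHITE_LIST`; 'insert' models `-I INPUT 1`."""
    jump = ("0.0.0.0/0", "WHITE_LIST")
    input_chain = [("207.144.68.0/24", "DROP")]  # assumed existing block rule
    if hook == "append":
        input_chain.append(jump)       # hook lands after the block rule
    elif hook == "insert":
        input_chain.insert(0, jump)    # hook lands before the block rule
    else:
        raise ValueError(hook)
    return {"INPUT": input_chain, "WHITE_LIST": [("207.144.68.15/32", "ACCEPT")]}

if __name__ == "__main__":
    # Constructed sample sources: the whitelisted host, a neighbour in the /24, an unrelated host.
    for hook in ("append", "insert"):
        rules = build_ruleset(hook)
        for src in ("207.144.68.15", "207.144.68.99", "198.51.100.7"):
            print(hook, src, filter_input(rules, src))
```

With the hook appended, the /24 DROP rule matches first and the whitelist chain is never reached; with the hook inserted at position 1, only the listed host is accepted and the rest of the /24 is still dropped.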


