From: "plugthebox.net /dev/null" <devnull@plugthebox.net>
To: frnkblk@iname.com
Cc: netfilter@lists.netfilter.org
Subject: RE: INPUT and PORTS
Date: Wed, 01 Nov 2006 15:41:22 +0200
Message-ID: <1162388483.17873.33.camel@localhost>
In-Reply-To: <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAABaalp1/Z/jRK7sKuE7ceDgAQAAAAA=@iname.com>
Hello,
But I still have other users that only need to access 80 and 22.
Let me clarify my setup.
I have 3 users (they're around 2000 but let's use 3 for now). I want them
all to be able to connect INPUT to ports 80 and 22. Sometimes I want to
block some users by not including them in the INPUT -s -j ACCEPT, but I
want to keep the other users' INPUT -s -j ACCEPT to use 80 and 22.
Thanks
On Wed, 2006-11-01 at 06:51 -0600, Frank Bulk wrote:
> That's because you still have a rule that matches, specifically:
> /sbin/iptables -A FORWARD -m multiport -p tcp --ports 80,22 -j ACCEPT
> /sbin/iptables -A INPUT -m multiport -p tcp --ports 80,22 -j ACCEPT
>
> Frank
>
> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org
> [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of plugthebox.net
> /dev/null
> Sent: Wednesday, November 01, 2006 6:49 AM
> To: netfilter
> Subject: INPUT and PORTS
>
> Hello,
> I want to do the following: accept incoming connections from 10.2.2.115
> only, restricting to ports 80,22
>
> Is this correct?
>
> -P rules ...
> -F rules ...
> /sbin/iptables -A FORWARD -d 10.2.2.115 -j ACCEPT
> /sbin/iptables -A FORWARD -s 10.2.2.115 -j ACCEPT
> /sbin/iptables -A INPUT -s 10.2.2.115 -j ACCEPT
> /sbin/iptables -A FORWARD -m multiport -p tcp --ports 80,22 -j ACCEPT
> /sbin/iptables -A INPUT -m multiport -p tcp --ports 80,22 -j ACCEPT
>
> Even though I saw this setup in many tutorials/howtos, whenever I want
> to block 10.2.2.115 (by not listing him in the INPUT -j ACCEPT), that IP
> can still connect to port 80 and 22.
>
>
>
> Thanks
> Sincerely,
>
>
>
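
Added example, not part of the original message or of the quoted reply: one way to avoid the unconditional port rule identified in the thread is to let the port match only jump to a per-user chain, so a source that is not listed falls through to the DROP policy. The chain name ALLOWED_USERS, the addresses 10.2.2.116 and 10.2.2.117, and the DROP policies on INPUT and FORWARD are assumptions; --dports is used instead of the thread's --ports, which also matches on the source port.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset in which ports 80 and 22
# are reachable only from listed source addresses.
# ALLOWED_USERS is a hypothetical chain name; the addresses are constructed.

gen_ruleset() {
    # Arguments: the source addresses that may reach ports 80 and 22.
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default policy: drop what no rule accepts
    echo ':FORWARD DROP [0:0]'    # assumption: this host does not route
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':ALLOWED_USERS - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened itself.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The port match only dispatches to the per-user chain; it never accepts.
    echo '-A INPUT -p tcp -m multiport --dports 80,22 -j ALLOWED_USERS'
    for ip in "$@"; do
        case "$ip" in
            ''|*[!0-9.]*)
                echo "skipping invalid address: $ip" >&2
                continue ;;
        esac
        # Source and port are now both required: port via the jump, source here.
        echo "-A ALLOWED_USERS -s $ip -j ACCEPT"
    done
    # Unlisted sources return from ALLOWED_USERS and hit the INPUT DROP policy.
    echo 'COMMIT'
}

# Constructed sample: 10.2.2.115 is blocked simply by leaving it out.
gen_ruleset 10.2.2.116 10.2.2.117
# To load the result (as root): gen_ruleset <addresses> | iptables-restore
```

Because of the ESTABLISHED,RELATED rule, a user removed from the list keeps any connection that is already open until it closes or its conntrack entry is removed.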