All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Leonardo Rodrigues Magalhães" <leolistas@solutti.com.br>
To: Grant Adamson <gadamson@shaw.ca>
Cc: netfilter@lists.netfilter.org
Subject: Re: All interface specifications being replaced by ANYWHERE
Date: Mon, 12 Dec 2005 11:31:11 -0300	[thread overview]
Message-ID: <439D89AF.20200@solutti.com.br> (raw)
In-Reply-To: <001c01c5fd16$af0deb40$0201a8c0@shodan>



Grant Adamson escreveu:

>Hi All,
>
>I recently redid my home gateway/NAT box with debian 3.1, and everything
>looked to be working fine until I did a quick scan on it from outside to
>test the firewall. All the services running appeared to be exposed. Checking
>my rules with iptables -L, I found that for some reason, everywhere I had
>specified a physical interface, it had been replaced by ANYWHERE.
>
>For example, the following rule:
>
>iptables -A INPUT -m state --state NEW -i ! $EXTIF -j ACCEPT
>
>Ends up appearing in the iptables -L list as:
>
>target     prot opt source               destination
>ACCEPT     all  --  anywhere             anywhere            state NEW
>
>  
>

    To see interfaces, you should use -v option on iptables. Interfaces 
do not show when you use -L alone.

    I always use iptables -nL TABLENAME -v (TABLENAME is optional).

    Please check your rules with:  iptables -nL INPUT -v

-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it






      parent reply	other threads:[~2005-12-12 14:31 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-12-09 23:17 All interface specifications being replaced by ANYWHERE Grant Adamson
2005-12-12 13:50 ` myhapwcforever
2005-12-12 14:31 ` Leonardo Rodrigues Magalhães [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=439D89AF.20200@solutti.com.br \
    --to=leolistas@solutti.com.br \
    --cc=gadamson@shaw.ca \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.