* All interface specifications being replaced by ANYWHERE
@ 2005-12-09 23:17 Grant Adamson
  2005-12-12 13:50 ` myhapwcforever
  2005-12-12 14:31 ` Leonardo Rodrigues Magalhães
  0 siblings, 2 replies; 3+ messages in thread
From: Grant Adamson @ 2005-12-09 23:17 UTC (permalink / raw)
  To: netfilter

Hi All,

I recently redid my home gateway/NAT box with debian 3.1, and everything
looked to be working fine until I did a quick scan on it from outside to
test the firewall. All the services running appeared to be exposed. Checking
my rules with iptables -L, I found that for some reason, everywhere I had
specified a physical interface, it had been replaced by ANYWHERE.

For example, the following rule:

iptables -A INPUT -m state --state NEW -i ! $EXTIF -j ACCEPT

Ends up appearing in the iptables -L list as:

target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW


Needless to say, this doesn't make for a very good situation. Has anyone
ever seen a problem like this before? Any suggestions would be greatly
appreciated.

Thanks,
Grant


* Re: All interface specifications being replaced by ANYWHERE
From: myhapwcforever @ 2005-12-12 13:50 UTC (permalink / raw)
  To: netfilter

> For example, the following rule:
> 
> iptables -A INPUT -m state --state NEW -i ! $EXTIF -j ACCEPT
What is the value of EXTIF?
 
> Ends up appearing in the iptables -L list as:
> 
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state NEW
I think you did not use the "-d" option. It may mean anywhere.
iptables -A INPUT -d $ALLOWIP -m state --state NEW -i ! $EXTIF -j ACCEPT
ok?


* Re: All interface specifications being replaced by ANYWHERE
From: Leonardo Rodrigues Magalhães @ 2005-12-12 14:31 UTC (permalink / raw)
  To: Grant Adamson; +Cc: netfilter



Grant Adamson wrote:

>Hi All,
>
>I recently redid my home gateway/NAT box with debian 3.1, and everything
>looked to be working fine until I did a quick scan on it from outside to
>test the firewall. All the services running appeared to be exposed. Checking
>my rules with iptables -L, I found that for some reason, everywhere I had
>specified a physical interface, it had been replaced by ANYWHERE.
>
>For example, the following rule:
>
>iptables -A INPUT -m state --state NEW -i ! $EXTIF -j ACCEPT
>
>Ends up appearing in the iptables -L list as:
>
>target     prot opt source               destination
>ACCEPT     all  --  anywhere             anywhere            state NEW
>
>  
>

    To see interfaces, you should use -v option on iptables. Interfaces 
do not show when you use -L alone.

    I always use iptables -nL TABLENAME -v (TABLENAME is optional).

    Please check your rules with:  iptables -nL INPUT -v

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it
	gertrudes@solutti.com.br
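
An added example, not part of the original thread: a small shell check that reads `iptables -nL INPUT -v` output and reports ACCEPT rules that really are open to any interface and any source, as opposed to rules like `-i ! $EXTIF` that only look that way without -v. The listing, the interface names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -nL INPUT -v` output (not from the thread).
# With -v the "in" and "out" columns appear; "!eth0" is how an inverted
# interface match (-i ! eth0) is displayed, "*" means any interface.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   57  4012 ACCEPT     all  --  !eth0  *       0.0.0.0/0            0.0.0.0/0            state NEW
    3   180 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW
  911 88123 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
EOF
}

# Print "rule_number in_interface match_text" for every ACCEPT rule that is
# open to any interface and any source and can match NEW connections.
# Assumes every rule has a target, so the column positions are fixed.
unscoped_accepts() {
    awk '
        /^Chain / || $1 == "pkts" || NF == 0 { next }   # skip headers, blanks
        {
            n++                                # rule position in the chain
            target = $3; in_if = $6; src = $8
            extra = ""                         # match text after destination
            for (i = 10; i <= NF; i++)
                extra = (extra == "" ? $i : extra " " $i)
            if (target != "ACCEPT" || in_if != "*" || src != "0.0.0.0/0")
                next
            # A state/ctstate match without NEW only covers existing flows.
            if (extra ~ /state / && extra !~ /NEW/)
                next
            print n, in_if, (extra == "" ? "-" : extra)
        }'
}

# Stand-alone run on the sample; on a real gateway, as root:
#   iptables -nL INPUT -v | unscoped_accepts
sample_listing | unscoped_accepts
```

Rule 2 in the sample is the thread's rule shape and is not reported, because its "in" column reads `!eth0`; only rule 3, which has no interface match at all, is listed.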