iptables isn't blocking IP
Aleksandar Milivojevic
amilivojevic at pbl.ca
Fri Jan 21 16:21:30 UTC 2005
Alexander Dalloz wrote:
> My answer would be: NO. Please see my other reply. I suspect that the
> default iptables design from FC is still active for Kevin. So incoming
> traffic to port 22 is already caught by rule
>
> -A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp
> --dport 22 -j ACCEPT
If he's using the default design from FC, it is very likely that whatever he
puts in will be overwritten on updates or the next time he runs Red Hat's
firewall config tool. I've seen in a couple of places things like "if
string RH-Firewall-1-INPUT is present in /etc/sysconfig/iptables, assume
we have full control of it, and overwrite it completely".
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
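
Added example, not part of the original post: a small first-match walker over iptables-save text, showing why a block rule placed below the quoted port 22 ACCEPT rule never sees the traffic. The DROP rule, the address 192.0.2.10, and the names first_match, rule_matches, SAMPLE and PACKET are assumptions made for illustration; only one chain is walked and only the match options in the sample are supported.

```python
import ipaddress
import shlex

# Constructed iptables-save sample. The ACCEPT line is the rule quoted in the
# thread; the DROP line and the address 192.0.2.10 are made up for illustration.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.10 -j DROP
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
CHECKS = {  # match option -> predicate(value, packet)
    "-s": lambda v, p: ipaddress.ip_address(p["src"]) in ipaddress.ip_network(v, strict=False),
    "-i": lambda v, p: p["iface"] == v,
    "-p": lambda v, p: p["proto"] == v,
    "--dport": lambda v, p: p["dport"] == int(v),
    "--state": lambda v, p: p["state"] in v.split(","),
}

def rule_matches(opts, pkt):
    """True if every match option of one rule applies to the packet."""
    for flag, val in opts.items():
        if flag in ("-m", "-j"):  # module loads and the target are not criteria
            continue
        if flag not in CHECKS:  # refuse to guess rather than give a wrong verdict
            raise ValueError(f"unsupported option {flag!r}")
        if not CHECKS[flag](val, pkt):
            return False
    return True

def first_match(text, chain, pkt):
    """Walk one chain top to bottom; return (line number, target) of the first hit."""
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # options come as flag/value pairs
        if opts.get("-j") in TERMINAL and rule_matches(opts, pkt):
            return lineno, opts["-j"]
    return None

# Constructed packet: new SSH connection from the address meant to be blocked.
PACKET = {"src": "192.0.2.10", "iface": "eth0", "proto": "tcp", "dport": 22, "state": "NEW"}
```

first_match(SAMPLE, "RH-Firewall-1-INPUT", PACKET) returns the ACCEPT rule on line 5; the DROP rule only takes effect once it sits above that line.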