- To: slug <slug@xxxxxxxxxxx>
- Subject: [SLUG] iptables - filtering not working.
- From: Ken Foskey <foskey@xxxxxxxxxxxxxxxx>
- Date: Mon, 03 May 2004 20:52:43 +1000

Here are the rules. I want to stop port 80 being accepted from any
network except squid on this machine. This is not working.
I think I have a drop all INPUT for port 80 and it is not dropping.
Help...

gateway:~# iptables -L INPUT
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:www
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  127.0.0.0/8          anywhere             LOG level warning
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        all  --  192.168.0.0/24       anywhere             LOG level warning
DROP       all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             c211-30-226-107.rivrw4.nsw.optusnet.com.au
ACCEPT     all  --  anywhere             211.30.226.255
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere             tcp dpt:www

gateway:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:www
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  127.0.0.0/8          anywhere             LOG level warning
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        all  --  192.168.0.0/24       anywhere             LOG level warning
DROP       all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             me.rivrw4.nsw.optusnet.com.au
ACCEPT     all  --  anywhere             211.30.226.255
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere             tcp dpt:www

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
LOG        all  --  anywhere             192.168.0.0/24       LOG level warning
DROP       all  --  anywhere             192.168.0.0/24
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             192.168.0.0/24
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        all  --  anywhere             192.168.0.0/24       LOG level warning
DROP       all  --  anywhere             192.168.0.0/24
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  me.rivrw4.nsw.optusnet.com.au  anywhere
ACCEPT     all  --  211.30.226.255       anywhere
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere

--
Thanks
KenF
OpenOffice.org developer