[Gllug] iptables ignoring rules?
John Edwards
john at cornerstonelinux.co.uk
Wed Oct 13 09:38:09 UTC 2010
On Wed, Oct 13, 2010 at 09:49:42AM +0100, gvim wrote:
> Centos 5.5
>
> My firewall script contains these entries:
>
> iptables -A INPUT -p TCP -j ACCEPT -m state --state NEW -s 192.168.1.0/8
> iptables -A INPUT -p UDP -j ACCEPT -m state --state NEW -s 192.168.1.0/8
>
> ... but /var/log/messages has many of these entries (abbreviated):
>
> kernel: Dropped by default:IN=eth0 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=19845 DF PROTO=2
>
> 192.168.1.254 is the router's IP. What's going wrong?
Protocol 2 is IGMP, a multicasting protocol different to TCP or UDP.
If you want to accept all traffic from that subnet then just drop
the TCP/UDP requirement, to get something like:
iptables -A INPUT -j ACCEPT -m state --state NEW -s 192.168.1.0/8
ps. For an easier frontend to iptables you may want to have a look at
shorewall instead of using custom rules. It'll be quicker and simpler
to maintain, though you will not learn all the iptables oddities.
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
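The reason the packet in the question is dropped is that the log line reports PROTO=2 (IGMP), while both ACCEPT rules carry `-p TCP` or `-p UDP` and so never match it. The script below is an added example, not part of the thread or of John's reply: it pulls the fields out of a netfilter LOG line (a constructed copy of the one quoted above), maps the protocol number to a name, and reports whether a TCP/UDP-only rule set would have accepted the packet. It also prints, rather than runs, a narrower alternative to dropping `-p` altogether: accept only the protocol actually seen (IGMP here) from the LAN. The LAN subnet is an assumption set in `LAN_NET`; it uses 192.168.1.0/24 because a /8 mask on 192.168.1.0 matches the whole of 192.0.0.0/8, which is usually wider than intended.

```shell
#!/bin/sh
# Added example (not from the original post). Parses a kernel LOG line and
# shows why a TCP/UDP-only rule set drops IGMP, then suggests a narrow rule.

# Constructed sample: same fields as the abbreviated entry in the question.
SAMPLE_LOG='kernel: Dropped by default:IN=eth0 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=19845 DF PROTO=2'

# Assumed LAN subnet (hypothetical; pick the one that matches your network).
LAN_NET='192.168.1.0/24'

# log_field LINE KEY -> value of KEY=value in a netfilter LOG line.
log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p"
}

# proto_name NUMBER -> IANA protocol name. Built-in table so the script
# does not depend on /etc/protocols being present.
proto_name() {
    case "$1" in
        1)  echo icmp ;;
        2)  echo igmp ;;
        6)  echo tcp ;;
        17) echo udp ;;
        *)  echo "proto-$1" ;;
    esac
}

# tcp_udp_only_verdict LINE -> "accept" or "drop", i.e. what the two rules
# in the question (-p TCP / -p UDP, -j ACCEPT) would do with this packet.
tcp_udp_only_verdict() {
    proto=$(proto_name "$(log_field "$1" PROTO)")
    case "$proto" in
        tcp|udp) echo accept ;;
        *)       echo drop ;;
    esac
}

# suggest_rule LINE -> an iptables command (printed, not executed) that
# accepts only the dropped protocol from the LAN. This is narrower than
# removing -p entirely, which would admit every protocol from the subnet.
suggest_rule() {
    proto=$(proto_name "$(log_field "$1" PROTO)")
    echo "iptables -A INPUT -p $proto -s $LAN_NET -j ACCEPT"
}

# Stand-alone run: explain the sample line and print the suggested rule.
echo "protocol: $(proto_name "$(log_field "$SAMPLE_LOG" PROTO)")"
echo "TCP/UDP-only rules would: $(tcp_udp_only_verdict "$SAMPLE_LOG")"
echo "narrower fix: $(suggest_rule "$SAMPLE_LOG")"
```

Run it against a real `/var/log/messages` line by passing that line to `tcp_udp_only_verdict` and `suggest_rule`; a verdict of `drop` for a protocol other than tcp/udp is exactly the situation in the question, and the printed rule admits just that protocol instead of everything from the subnet.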