[Gllug] iptables ignoring rules?

Martin A. Brooks martin at hinterlands.org
Wed Oct 13 08:53:09 UTC 2010


On Wed, October 13, 2010 09:49, gvim wrote:
> Centos 5.5
>
> My firewall script contains these entries:
>
> iptables -A INPUT -p TCP -j ACCEPT -m state --state NEW -s 192.168.1.0/8
> iptables -A INPUT -p UDP -j ACCEPT -m state --state NEW -s 192.168.1.0/8
>
> ... but /var/log/messages has many of these entries (abbreviated):
>
> kernel: Dropped by default:IN=eth0 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=19845 DF PROTO=2
>
> 192.168.1.254 is the router's IP. What's going wrong?

I suspect you're probably being dropped by an earlier rule; it's first
match wins.  As an experiment, try "-I" rather than "-A", but iptables -L
will show the rules in the order they will be processed.
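
An added example, not part of the thread, for checking a logged packet against the posted rules in chain order: it parses the KEY=VALUE fields the netfilter LOG target writes and walks the two rules first-match-wins. The conntrack state match is assumed to be NEW and is not modelled; the sample log line is the one from the post, reassembled.

```python
import ipaddress
import re

# Constructed sample: the log line quoted in the post, joined onto one line.
LOG_LINE = ("kernel: Dropped by default:IN=eth0 SRC=192.168.1.254 DST=224.0.0.1 "
            "LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=19845 DF PROTO=2")

# IP protocol numbers as they appear in PROTO= (2 is IGMP, 6 TCP, 17 UDP).
PROTO_NAMES = {"1": "icmp", "2": "igmp", "6": "tcp", "17": "udp"}

# The poster's two rules in chain order: (protocol, source CIDR).
# The -m state --state NEW part is assumed to match and is not modelled.
RULES = [("tcp", "192.168.1.0/8"), ("udp", "192.168.1.0/8")]


def parse_log(line):
    """Turn a netfilter LOG line into a dict of its KEY=VALUE fields."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    proto = fields.get("PROTO", "").lower()
    # Map the numeric protocol to the name used in -p so rules can compare it.
    fields["proto_name"] = PROTO_NAMES.get(proto, proto)
    return fields


def first_match(pkt, rules):
    """Index of the first rule matching the packet, or None (chain policy applies)."""
    src = ipaddress.ip_address(pkt["SRC"])
    for i, (proto, cidr) in enumerate(rules):
        # strict=False mirrors iptables, which masks off host bits: /8 here
        # means 192.0.0.0/8, far wider than the 192.168.1.0/24 LAN.
        net = ipaddress.ip_network(cidr, strict=False)
        if pkt["proto_name"] == proto and src in net:
            return i
    return None


if __name__ == "__main__":
    pkt = parse_log(LOG_LINE)
    hit = first_match(pkt, RULES)
    print(f"{pkt['SRC']} -> {pkt['DST']} proto={pkt['proto_name']}: "
          f"{'no ACCEPT rule matches' if hit is None else f'rule {hit} matches'}")
```

Run over the posted line, neither rule matches because the dropped packet is IGMP (PROTO=2), so it falls through to the chain's default regardless of rule order.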



-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug