Re: iptables: allowing only listed hosts to connect to a port
Hello,
Mark Hobley wrote:
>
> After running the script iptables -L -n reveals:
>
> Chain INPUT (policy ACCEPT)
> ACCEPT tcp -- 10.0.0.0/8 anywhere tcp dpt:7500
> ACCEPT tcp -- 192.168.0.0/16 anywhere tcp dpt:7500
> ACCEPT tcp -- 51.0.0.0/8 anywhere tcp dpt:7500
> ACCEPT tcp -- 62.30.0.0/16 anywhere tcp dpt:7500
> ACCEPT tcp -- 80.0.0.0/13 anywhere tcp dpt:7500
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7500
>
> I find that hosts outside of the list are still able to access the port.
Weird. Are there other rules in the ruleset? What happens if you remove
all the ACCEPT rules and leave only the DROP rule?
> Is the last entry in the table correct?
>
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7500
> Should this read "anywhere"?
With the -n option it is the "anywhere" in the other lines which should
read "0.0.0.0/0".
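To see what a first-match walk of the quoted INPUT chain should yield, here is an added Python model that is not part of the thread: it evaluates the rules in order the way iptables does for terminating targets. The rule list and probe addresses are constructed from the output above (with 0.0.0.0/0 standing in for "anywhere"), and the stray ACCEPT rule is an assumption used to illustrate the "other rules in the ruleset" case the reply asks about.

```python
import ipaddress

# Constructed from the INPUT chain quoted in the thread (first match wins).
# Each rule is (target, source network, destination TCP port); "anywhere"
# in iptables -L output is the same thing as 0.0.0.0/0 under -n.
QUOTED_INPUT_CHAIN = [
    ("ACCEPT", "10.0.0.0/8", 7500),
    ("ACCEPT", "192.168.0.0/16", 7500),
    ("ACCEPT", "51.0.0.0/8", 7500),
    ("ACCEPT", "62.30.0.0/16", 7500),
    ("ACCEPT", "80.0.0.0/13", 7500),
    ("DROP", "0.0.0.0/0", 7500),
]

# Assumed, not from the thread: a broad rule that sits *before* the list,
# as the reply suspects might exist ("Are there other rules in the ruleset?").
STRAY_RULE = ("ACCEPT", "0.0.0.0/0", 7500)


def verdict(chain, src_ip, dport, policy="ACCEPT"):
    """Return the target of the first rule matching (src_ip, dport), or the
    chain policy when nothing matches. Protocol is not modelled: every rule
    in the quoted chain is already restricted to tcp."""
    src = ipaddress.ip_address(src_ip)
    for target, network, port in chain:
        if port == dport and src in ipaddress.ip_network(network):
            return target
    return policy


def leaking_sources(chain, probes, dport=7500):
    """Probe addresses that are NOT dropped on dport; for sources outside the
    allow-list this is exactly the symptom reported in the thread."""
    return [ip for ip in probes if verdict(chain, ip, dport) != "DROP"]


if __name__ == "__main__":
    # Constructed probes: one listed source, two from documentation ranges
    # that are outside every ACCEPT rule.
    outside = ["203.0.113.5", "198.51.100.7"]
    print("quoted chain leaks:", leaking_sources(QUOTED_INPUT_CHAIN, outside))
    print("with stray rule first:",
          leaking_sources([STRAY_RULE] + QUOTED_INPUT_CHAIN, outside))
    print("listed host 10.1.2.3:", verdict(QUOTED_INPUT_CHAIN, "10.1.2.3", 7500))
```

Running it shows the chain as quoted drops every non-listed source, so if outside hosts still get in, the cause lies outside these six rules (an earlier rule, another chain, or the traffic matching no rule for port 7500 at all).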