From mboxrd@z Thu Jan 1 00:00:00 1970
X-Comment: RFC 2476 MSA function at mx14.yandex.ru logged sender identity as: shader
Message-ID: <433CBBEE.1080400@yandex.ru>
Date: Fri, 30 Sep 2005 08:15:42 +0400
From: "Alexey V. Novikov"
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041217
X-Accept-Language: ru-ru, ru
MIME-Version: 1.0
To: Michael Holzman, ALT Linux Community
Subject: Re: [Comm] IPTABLES problem
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 8bit
X-BeenThere: community@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ALT Linux Community
List-Id: ALT Linux Community
X-List-Received-Date: Fri, 30 Sep 2005 04:15:59 -0000

29.09.2005 19:11, Michael Holzman wrote:
> Dear community!
>
> Could you please explain why the iptables configuration file below
> filters nothing?
>
> # Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
> *nat
> :PREROUTING ACCEPT [3404:355335]
> :POSTROUTING ACCEPT [4946:259245]
> :OUTPUT ACCEPT [11325:439233]
> [146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> #
> *mangle
> :PREROUTING ACCEPT [175367:159461944]
> :INPUT ACCEPT [170807:159947518]
> :FORWARD ACCEPT [6112:571711]
> :OUTPUT ACCEPT [227467:15591197]
> :POSTROUTING ACCEPT [236980:16323205]
> COMMIT
> #
> *filter
> :INPUT ACCEPT [168880:158869739]
> :FORWARD ACCEPT [6070:568960]
> :OUTPUT ACCEPT [227467:15591197]
> [0:0] -A INPUT -i eth1 -j ACCEPT
> [7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> [0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
> COMMIT
> # Completed on Sat Sep 10 21:14:42 2005

Should it? You have accept almost everywhere, except for the last rule,
and iptables examines them in order. Change the defaults to drop and it
will start filtering everything.

-- 
WBR, Alexey V. Novikov
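
An added example, not part of the original thread: a simplified Python model of first-match rule evaluation, run over the `*filter` table from the quoted dump, showing which packets fall through to the chain policy and how the verdict changes when the INPUT policy is DROP. The `parse` and `verdict` helpers are hypothetical names, and only the `-i`, `-p`, `--state` and `-j` options are modelled.

```python
import shlex

# The *filter table from the quoted dump (input copied from the message above).
DUMP = """\
*filter
:INPUT ACCEPT [168880:158869739]
:FORWARD ACCEPT [6070:568960]
:OUTPUT ACCEPT [227467:15591197]
[0:0] -A INPUT -i eth1 -j ACCEPT
[7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT
"""
OPTS = {"-i": "iface", "-p": "proto", "--state": "state", "-j": "target"}

def parse(dump):
    """Return (policies, rules) for a single-table iptables-save dump."""
    policies, rules = {}, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith(":"):            # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif "-A " in line:                 # optional "[pkts:bytes]" prefix
            tok = shlex.split(line[line.index("-A "):])
            rule = {"chain": tok[1]}
            for flag, val in zip(tok[2:], tok[3:]):
                if flag in OPTS:
                    rule[OPTS[flag]] = val
            rules.append(rule)
    return policies, rules

def verdict(policies, rules, chain, iface, proto, state):
    """First matching rule decides; if none matches, the chain policy does."""
    for r in rules:
        if r["chain"] != chain:
            continue
        if r.get("iface", iface) != iface or r.get("proto", proto) != proto:
            continue
        if "state" in r and state not in r["state"].split(","):
            continue
        return r["target"]
    return policies[chain] + " (policy)"

if __name__ == "__main__":
    policies, rules = parse(DUMP)
    for pol in ("ACCEPT", "DROP"):          # policy as dumped, then DROP
        policies["INPUT"] = pol
        for pkt in (("eth0", "tcp", "NEW"), ("eth0", "udp", "NEW"),
                    ("ppp0", "tcp", "NEW"), ("eth0", "tcp", "ESTABLISHED")):
            print(pol, pkt, "->", verdict(policies, rules, "INPUT", *pkt))
```

In this model a new packet arriving on ppp0 matches none of the INPUT rules, so the chain policy alone decides what happens to it.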