[lug] ipchains question
D. Stimits
stimits at idcomm.com
Thu Feb 21 23:28:04 MST 2002
Add logging to your accept rules and try again. See if it tells you
which is accepting it.
D. Stimits, stimits at idcomm.com
Chip Atkinson wrote:
>
> Greetings,
>
> In reviewing some ipchains rules, I'm getting packets accepted when I
> thought they would be getting denied.
>
> From what I understand, the packet is compared to each rule and upon
> matching, the matched target is jumped to. Here's what I have:
>
> [root at poodle sysconfig]# ipchains -L input
> Chain input (policy ACCEPT):
> target prot opt source destination ports
> icmp-acc icmp ------ anywhere anywhere any -> any
> ssh-acc tcp ------ anywhere anywhere any -> ssh
> ssh-acc udp ------ anywhere anywhere any -> ssh
> ssh-acc tcp ------ anywhere anywhere ssh -> any
> ssh-acc udp ------ anywhere anywhere ssh -> any
> ACCEPT tcp ------ anywhere anywhere any -> smtp
> ACCEPT tcp ------ anywhere anywhere any -> auth
> ACCEPT tcp ------ anywhere anywhere auth -> any
> ACCEPT tcp !y---- jymis.com pupman.com telnet -> any
> DENY tcp -y--l- jymis.com pupman.com any -> telnet
> ACCEPT tcp ------ pupman.com jymis.com any -> telnet
> DENY all ----l- anywhere anywhere n/a
> [root at poodle sysconfig]# ipchains -v -C input -p tcp -i eth0 -s 63.225.119.190 60000 -d 10.0.0.5 ircd
> - tcp opt ------ tos 0xFF 0x00 via eth0 63.225.119.190 -> 10.0.0.5
> 60000 -> 6667
> accepted
>
> This doesn't make sense to me. I thought that the DENY at the bottom
> would match any packet that made it through all the rules, and that the
> packet being tested would certainly match the last rule.
>
> Can anyone point out what I'm missing?
> Thanks in advance.
>
> Chip
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
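As an added example (not code from either poster), here is a Python model of the first-match evaluation Chip describes, run over his chain listing and his `ipchains -C` packet. It assumes the opt-column layout noted in the comments, compares hostnames as literal strings (no DNS), and reports user-chain targets such as ssh-acc without entering them. Under plain first-match semantics the packet reaches rule 12 (DENY), and the model also shows which rules carry `-l`: only those would leave a kernel log line, which is why adding logging to the accept rules, as suggested above, is the way to see which rule actually fired.

```python
# Added example: first-match model of ipchains input-chain evaluation (a simulation,
# not ipchains): hostnames compare as literal strings, user chains are not entered.
SERVICES = {"ssh": 22, "telnet": 23, "smtp": 25, "auth": 113, "ircd": 6667}
CHAIN_LISTING = """\
icmp-acc icmp ------ anywhere anywhere any -> any
ssh-acc tcp ------ anywhere anywhere any -> ssh
ssh-acc udp ------ anywhere anywhere any -> ssh
ssh-acc tcp ------ anywhere anywhere ssh -> any
ssh-acc udp ------ anywhere anywhere ssh -> any
ACCEPT tcp ------ anywhere anywhere any -> smtp
ACCEPT tcp ------ anywhere anywhere any -> auth
ACCEPT tcp ------ anywhere anywhere auth -> any
ACCEPT tcp !y---- jymis.com pupman.com telnet -> any
DENY tcp -y--l- jymis.com pupman.com any -> telnet
ACCEPT tcp ------ pupman.com jymis.com any -> telnet
DENY all ----l- anywhere anywhere n/a"""

def port(spec):
    """'any' and 'n/a' match every port; otherwise a number or a service name."""
    return None if spec in ("any", "n/a") else int(spec) if spec.isdigit() else SERVICES[spec]

def parse_rule(line):
    target, proto, opt, src, dst, *ports = line.split()
    # opt column (assumed layout): '!y' = match non-SYN only, 'y' = SYN only,
    # an 'l' anywhere = the rule logs (-l) when it matches
    syn = None if opt[1] != "y" else (opt[0] != "!")
    sport, dport = (port(ports[0]), port(ports[2])) if len(ports) == 3 else (None, None)
    return dict(target=target, proto=proto, syn=syn, log="l" in opt,
                src=src, dst=dst, sport=sport, dport=dport)

def matches(rule, pkt):
    """A rule field of None / 'anywhere' / 'all' is a wildcard."""
    return (rule["proto"] in ("all", pkt["proto"])
            and rule["src"] in ("anywhere", pkt["src"])
            and rule["dst"] in ("anywhere", pkt["dst"])
            and rule["sport"] in (None, pkt["sport"])
            and rule["dport"] in (None, pkt["dport"])
            and rule["syn"] in (None, pkt["syn"]))

def evaluate(listing, pkt, policy="ACCEPT"):
    """(rule number, target, logs?) of the first match, or (None, policy, False)."""
    for num, line in enumerate(listing.splitlines(), start=1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return num, rule["target"], rule["log"]
    return None, policy, False

# The packet from the post's ipchains -C test (no -y given, so SYN is assumed clear)
TEST_PACKET = dict(proto="tcp", src="63.225.119.190", dst="10.0.0.5", sport=60000, dport=6667, syn=False)
RESULT = evaluate(CHAIN_LISTING, TEST_PACKET)  # -> (12, 'DENY', True)
```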