Hi all,

I'm attempting to set up a simple firewall on a virtual server. I have
the following:

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -i venet0 --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i venet0 --source m.y.i.p --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j REJECT

(And iptables -L shows that this setup has been accepted.)

This was supposed to only allow my box (or at least my public IP)
access to port 80 on this server. I can not access port 80 at all,
however. (Please note that without --source it works as expected.)

What am I doing wrong?

On a related note, the logging only logs the packet, but no timestamp.
Is that configurable somewhere?

Cheers,
Hilco

