On 07/30/2014 01:44 AM, Frank Kirschner wrote:
> Lloyd,
>
> hmm, it's senseless doubled but please can you try out what happens if you
> add on 1st line:
>
> # /sbin/iptables -I INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> # /sbin/service iptables save

Frank,

I can try it, but I'm not sure what you're expecting to see. I have a working setup, so without understanding what you're expecting to happen, I'm not sure what to look for.

And there is already this one in the stock setup:

> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

While it's not exactly the same, the only difference would be the "NEW" flag. I'm not sure what benefit that would be, other than accepting all new connections (if I'm understanding the flag correctly). While this would probably work for at least some of the stuff I'm doing, it seems excessively open. I could also flush all the tables (iptables -F), and get it working, but it doesn't mean I want to leave my server quite so open and unprotected.

>
> Do you have any OUTPUT rules in your iptables set?

Nope. I've checked all 4 tables (raw, mangle, nat, filter) that I can find that have an OUTPUT chain, and there doesn't seem to be anything in any of them. I certainly hadn't done it on purpose, and it doesn't seem to be a part of the stock RHEL setup.

> After disabling SELinux do you have reboot the system?

Yes. You do need to reboot to disable SELinux. And I did. And it didn't have any effect, as far as I could tell.

>
> hope that helps,
> best regards
> Frank

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
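
Added example, not part of the original message: a small first-match evaluator showing the effect of the "NEW" flag discussed above when the proposed rule is inserted at the head of INPUT. Only the ESTABLISHED,RELATED line comes from the thread; the rest of the sample chain, the sample packets and the helper names are constructed assumptions.

```python
import shlex

# Constructed sample chain. Only the ESTABLISHED,RELATED line is quoted in the
# thread; the other three rules are assumed for illustration.
STOCK = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# The rule proposed in the thread.
PROPOSED = "-I INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"
OPTS = {"--state": "state", "-p": "proto", "--dport": "dport", "-i": "iface", "-j": "target"}

def parse(line):
    """Parse one rule line into the match options this sketch understands."""
    tok = shlex.split(line)
    rule = {"insert": tok[0] == "-I"}
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    if "state" in rule:
        rule["state"] = set(rule["state"].split(","))
    return rule

def load(text):
    """Build the chain: -A appends, -I without a rule number inserts at the head."""
    chain = []
    for line in filter(str.strip, text.splitlines()):
        rule = parse(line)
        if rule.pop("insert"):
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain

def verdict(chain, pkt):
    """First matching rule wins. Returns (target, 1-based rule number)."""
    for n, rule in enumerate(chain, 1):
        if "state" in rule and pkt["state"] not in rule["state"]:
            continue
        if any(k in rule and str(pkt[k]) != rule[k] for k in ("proto", "dport", "iface")):
            continue
        return rule["target"], n
    return "POLICY", 0

if __name__ == "__main__":
    # Constructed packets: a new connection to an unlisted port, and a new SSH connection.
    for dport in (8080, 22):
        pkt = {"state": "NEW", "proto": "tcp", "dport": dport, "iface": "eth0"}
        print(dport, verdict(load(STOCK), pkt), verdict(load(STOCK + PROPOSED), pkt))
```

With the proposed rule at position 1, every packet in state NEW matches it before any per-port rule or the final REJECT is consulted.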