Re: iptables rule not working as expected
- From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
- Date: Fri, 13 Aug 2010 22:36:41 +0200
Hello,
Greg Russell wrote:
> I feel we have a fairly restrictive firewall in place, but my attempts to
> allow DHCP from a range of IP addresses seem to fail.

What do you mean by "allow DHCP from a range of IP"?

> Using a simple script I wrote, we see:
> Resolved_Address Packets Bytes Protocol(s) Dest.Port(s)
> ...
> 148.78.249.200 3 560 UDP 54366
> Totals 4 0.7KB for search pattern "UNSOLICITED"

What does this script do? Can you send the complete messages from the
LOG rule?

> The ruleset is:
> *filter
> :INPUT DROP [wlan0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -i wlan0 -p udp -s 148.78.249.200/28 -m state --state NEW -j ACCEPT

Note that 148.78.249.200/28 is not a valid prefix; 148.78.249.192/28 is.

> -A INPUT -i wlan0 -m state --state NEW -j LOG --log-level 7 --log-prefix. UNSOLICITED:
> COMMIT
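
The prefix point raised in this message, as an added example that is not part of the original post: the script below scans iptables rules for `-s`/`-d` arguments whose host bits are set and reports the enclosing network and the address range it covers. The names `SAMPLE_RULES`, `check_prefix` and `audit_rules` are assumptions made for the illustration, and the sample rules are constructed from the ruleset quoted above.

```python
import ipaddress
import shlex

# Constructed sample: rules quoted in this message, wrapped lines joined.
SAMPLE_RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wlan0 -p udp -s 148.78.249.200/28 -m state --state NEW -j ACCEPT
"""

# iptables options that take an address[/mask] argument.
ADDRESS_OPTIONS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}


def check_prefix(spec):
    """Return (aligned, network): aligned is False when host bits are set."""
    iface = ipaddress.ip_interface(spec)
    return iface.ip == iface.network.network_address, iface.network


def audit_rules(text):
    """List every -s/-d argument that is not written as a network address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line)
        for opt, value in zip(tokens, tokens[1:]):
            if opt not in ADDRESS_OPTIONS:
                continue
            for spec in value.split(","):
                try:
                    aligned, net = check_prefix(spec)
                except ValueError:
                    continue  # hostname or "!" negation token, not an address
                if not aligned:
                    findings.append({
                        "line": lineno,
                        "given": spec,
                        "network": str(net),
                        "first": str(net[0]),
                        "last": str(net[-1]),
                    })
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"line {f['line']}: {f['given']} has host bits set; "
              f"enclosing network is {f['network']} "
              f"({f['first']} - {f['last']})")
```

Run against a saved ruleset, this flags source or destination ranges that cover more or fewer addresses than the rule's author may have intended.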