[Comm] IPTABLES problem

Пт Сен 30 09:04:56 MSD 2005

On Thu, 29 Sep 2005 19:11:07 +0400, Michael Holzman wrote:

> Уважаемое community!
>
> Объясните, пожалуйста, почему приведенный ниже файл конфигурации
> iptables ничего не фильтрует?
>
> # Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
> *nat
> :PREROUTING ACCEPT [3404:355335]
> :POSTROUTING ACCEPT [4946:259245]
> :OUTPUT ACCEPT [11325:439233]
> [146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> #
> *mangle
> :PREROUTING ACCEPT [175367:159461944]
> :INPUT ACCEPT [170807:159947518]
> :FORWARD ACCEPT [6112:571711]
> :OUTPUT ACCEPT [227467:15591197]
> :POSTROUTING ACCEPT [236980:16323205]
> COMMIT
> #
> *filter
> :INPUT ACCEPT [168880:158869739]
> :FORWARD ACCEPT [6070:568960]
> :OUTPUT ACCEPT [227467:15591197]
> [0:0] -A INPUT -i eth1 -j ACCEPT
> [7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> [0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
> COMMIT
> # Completed on Sat Sep 10 21:14:42 2005

Так, DROPaть чего-нибудь нужно, а у Вас все ACCEPT
:-)