ip6tables+tcp - Am I doing something wrong?

Jan Rekorajski baggins@sith.mimuw.edu.pl
Fri, 7 Jul 2000 15:10:40 +0200


I think there is a bug somewhere in ip6t_tcp. It looks like
ip6tables completely ignores any rules I set:

spider /root~# ip6tables -A INPUT --proto tcp --dport 22 -j DROP
spider /root~# ip6tables -A OUTPUT --proto tcp --sport 22 -j DROP
spider /root~# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp      anywhere             anywhere           tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp      anywhere             anywhere           tcp spt:ssh 

Now, I should not be able to ssh to spider, but I am :o

When I make the default policy DROP and allow connections to/from port 22,
then I am _not_ able to connect.

The same rules applied to IP4 work perfectly.

The kernel is 2.4.0-test3-pre2 with all patches from netfilter and
the net patch from ANK (without this, the sit tunnel is acting funny).

Userspace tools taken from CVS.

Jan
-- 
Jan Rękorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, type MANIAC         |                   -- TROOPS by Kevin Rubio