opening up an ipchain

former03 | Baltasar Cevc baltasar.cevc at former03.de
Tue Nov 14 23:40:24 CET 2006


Hi Alex,

> However, I would like to open up the computer further, maybe not all the
> way but for the moment that would be OK, to my own laptop via its mac
> address - I figure that would be pretty safe, but if not, I'd like to
> hear why not.  So I added the line:
>
> iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

That should be the rule you want to add. You don't need a -p all (which
essentially means the same as leaving it out - "-p all" - match all
protocols or without that: ignore the protocol).

I suspect you either have some more rules added somewhere (check that
using "iptables -L -v", look for REJECT and DROP targets), a typo in
the mac (you may try whether "arp" shows you an address for your other
computer) or an error unrelated to packet filtering.

For debugging, try the following:
1) Add logging (-A INPUT -j LOG --log-prefix SOME_PREFIX___), look for
    the output in the syslog kernel log (the location depends on your
    distribution - I don't know FC - I've seen these outputs at
    /var/log/kern* mostly)
2) try whether the connection works if you switch off packet filtering
    for a short while (iptables -F; iptables -X; iptables -t nat -F;
    iptables -t nat -X)

Baltasar

Baltasar Cevc

_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen

_____ http://www.former03.de
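
The two checks suggested above (a typo in the MAC, and logging via the LOG target) can be combined. The following is an added example, not part of the original message: it reads the source MAC the kernel actually logged and compares it with the address used in the --mac-source rule. The log prefix MACDBG_, the addresses and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract the source MAC from netfilter LOG lines and compare
# it with the address given to --mac-source.

# Constructed sample kernel log lines (the prefix MACDBG_ is an assumption,
# as set with --log-prefix; it runs straight into IN= because it has no
# trailing space).
SAMPLE_LOG='Nov 14 23:41:02 host kernel: MACDBG_IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:0d:93:12:34:56:08:00 SRC=192.168.1.23 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 14 23:41:05 host kernel: MACDBG_IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:0d:93:12:34:57:08:00 SRC=192.168.1.42 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

# The LOG target prints the Ethernet header as
#   MAC=<destination, 6 bytes>:<source, 6 bytes>:<ethertype, 2 bytes>
# so the source address is fields 7-12, not the first six.
# Reads log lines on stdin, prints "source-mac source-ip" per packet.
log_sources() {
    sed -n 's/.* MAC=\([0-9A-Fa-f:]*\) SRC=\([0-9.]*\) .*/\1 \2/p' |
    while read -r hdr ip; do
        src=$(printf '%s' "$hdr" | cut -d: -f7-12 | tr 'A-F' 'a-f')
        printf '%s %s\n' "$src" "$ip"
    done
}

# Succeeds if any logged packet came from the MAC given as $1.
# The comparison is case-insensitive, like the rule itself.
rule_mac_seen() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    log_sources | grep -q "^$want "
}

# On a live system, replace the sample with the kernel log, for example:
#   grep MACDBG_ /var/log/kern.log | log_sources | sort | uniq -c
printf '%s\n' "$SAMPLE_LOG" | log_sources
```

If the laptop's packets show up with a source MAC that differs from the one in the rule, the rule has a typo; if they never show up in the log at all, an earlier rule or something unrelated to packet filtering is the cause.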



