opening up an ipchain

Alex Feldman alex at alexandrite.boisestate.edu
Wed Nov 15 15:34:35 CET 2006


Thanks very much, Baltasar - I will try what you said, particularly with
looking at the log file - the two computers are in different locations
(and different from the one I am in now), so it takes at least a day to
try anything, but I would greatly appreciate some elaboration on one of
the things you wrote:

:> I suspect you either have some more rules added somewhere (check that
:> using "iptables -L -v", look for REJECT and DROP targets), a typo in
:> the mac (you may try whether "arp" shows you an address for your
:> other computer) or an error unrelated to packet filtering.

This gets at the heart of my larger question, as opposed to simply "what
do I have to do to get this to work?"  What other rules would interfere
with this?  This is either the last or the second to last rule I add,
and the first rules I have are:

iptables --policy INPUT   DROP
iptables --policy OUTPUT  ACCEPT
iptables --policy FORWARD DROP

So I begin by dropping everything, and then pick up a few things I want,
like this mac address.  Could any rule I put in before the one that
accepts the mac address interfere with this one?  If so, how?  And is
this the kind of thing where it makes a difference if you use -A or -I?
I'm all but certain there are no other iptables rules around - if I
remove the file that has these in it, my computer appears to be open
to the whole world.

Thanks very much.

-- 
	--alex			alex at math.boisestate.edu

        Alex Feldman <http://math.boisestate.edu/~alex/>
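
Added example, not part of the original message and not netfilter code: a small Python model of how a chain is traversed in order (the first terminating match decides, and the policy applies only when nothing matches), showing why the position of the MAC ACCEPT rule, and therefore -A versus -I, matters when an earlier rule also matches the packet. The MAC address, the 192.0.2.0/24 range and the earlier LOG and DROP rules are constructed for illustration.

```python
import ipaddress

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG and similar targets do not end traversal

class Chain:
    """Toy model of one built-in chain: ordered rules plus a default policy."""
    def __init__(self, policy):
        self.policy = policy
        self.rules = []                          # each rule: (match dict, target)

    def append(self, match, target):             # models: iptables -A
        self.rules.append((match, target))

    def insert(self, match, target, pos=1):      # models: iptables -I (default position 1)
        self.rules.insert(pos - 1, (match, target))

    def verdict(self, pkt):
        """Return (target, rule number) of the first terminating match; 0 means the policy decided."""
        for num, (match, target) in enumerate(self.rules, start=1):
            if _matches(match, pkt) and target in TERMINATING:
                return target, num
        return self.policy, 0

def _matches(match, pkt):
    # An empty match dict matches every packet, like a rule with no match options.
    if "mac" in match and match["mac"].lower() != pkt["mac"].lower():
        return False
    if "src" in match and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(match["src"]):
        return False
    return True

# Constructed sample values (documentation address range, made-up MAC).
PEER = {"mac": "00:11:22:33:44:55", "src": "192.0.2.10"}
MAC_RULE = {"mac": "00:11:22:33:44:55"}

def build(use_insert):
    chain = Chain(policy="DROP")                     # iptables --policy INPUT DROP
    chain.append({"src": "192.0.2.0/24"}, "LOG")     # non-terminating: traversal continues
    chain.append({"src": "192.0.2.0/24"}, "DROP")    # hypothetical earlier rule covering the peer
    if use_insert:
        chain.insert(MAC_RULE, "ACCEPT")             # -I: lands at position 1
    else:
        chain.append(MAC_RULE, "ACCEPT")             # -A: lands after the DROP rule
    return chain

if __name__ == "__main__":
    for use_insert in (False, True):
        print("-I" if use_insert else "-A", build(use_insert).verdict(PEER))
```

With no earlier rule that matches the peer, the appended MAC rule decides on its own; the rule number in the result corresponds to what `iptables -L -v --line-numbers` lists for the real chain.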



More information about the netfilter mailing list