opening up an ipchain
Alex Feldman
alex at alexandrite.boisestate.edu
Wed Nov 15 15:34:35 CET 2006
Thanks very much, Baltasar - I will try what you said, particularly with
looking at the log file - the two computers are in different locations
(and different from the one I am in now), so it takes at least a day to
try anything, but I would greatly appreciate some elaboration on one of
the things you wrote:
:> I suspect you either have some more rules added somewhere (check that
:> using "iptables -L -v", look for REJECT and DROP targets), a typo in
:> the mac (you may try whether "arp" shows you an address for your
:> other computer) or an error unrelated to packet filtering.
This gets at the heart of my larger question, as opposed to simply "what
do I have to do to get this to work?" What other rules would interfere
with this? This is either the last or the second to last rule I add,
and the first rules I have are:
iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD DROP
So I begin by dropping everything, and then pick up a few things I want,
like this mac address. Could any rule I put in before the one that
accepts the mac address interfere with this one? If so, how? And is
this the kind of thing where it makes a difference if you use -A or -I?
I'm all but certain there are no other iptables rules around - if I
remove the file that has these in them, my computer appears to be open
to the whole world.
Thanks very much.
--
--alex alex at math.boisestate.edu
Alex Feldman <http://math.boisestate.edu/~alex/>
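
The rule-order question raised in the message above, as an added example that is not part of the original post: a small Python model of chain traversal, in which the first matching rule with a terminating target decides and the chain policy applies only when no rule matched. It shows a hypothetical earlier DROP rule shadowing the MAC ACCEPT rule when that rule is appended with -A, but not when it is inserted with -I. The MAC address, the loopback and SSH rules, and the packet are constructed for illustration.

```python
from dataclasses import dataclass, field

TERMINATING = ("ACCEPT", "DROP", "REJECT")   # targets that end chain traversal

@dataclass
class Rule:
    target: str
    match: dict = field(default_factory=dict)   # an empty dict matches every packet

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

@dataclass
class Chain:
    policy: str = "ACCEPT"
    rules: list = field(default_factory=list)

    def append(self, rule):            # iptables -A: add at the end of the chain
        self.rules.append(rule)

    def insert(self, rule, pos=1):     # iptables -I: add at position pos (1 = top)
        self.rules.insert(pos - 1, rule)

    def verdict(self, pkt):
        """Return (target, rule number); rule number 0 means the chain policy."""
        for num, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt) and rule.target in TERMINATING:
                return rule.target, num
        return self.policy, 0

MAC = "00:11:22:33:44:55"                                   # constructed address
ssh_from_peer = {"mac": MAC, "proto": "tcp", "dport": 22}   # constructed packet

def build(add_mac_rule):
    chain = Chain(policy="DROP")                  # iptables --policy INPUT DROP
    chain.append(Rule("ACCEPT", {"iface": "lo"}))              # hypothetical rule
    chain.append(Rule("DROP", {"proto": "tcp", "dport": 22}))  # hypothetical rule
    add_mac_rule(chain, Rule("ACCEPT", {"mac": MAC}))
    return chain

appended = build(lambda c, r: c.append(r))   # -A INPUT -m mac --mac-source ... -j ACCEPT
inserted = build(lambda c, r: c.insert(r))   # -I INPUT -m mac --mac-source ... -j ACCEPT

if __name__ == "__main__":
    print("-A:", appended.verdict(ssh_from_peer))
    print("-I:", inserted.verdict(ssh_from_peer))
```

On a live system the rule numbers correspond to those printed by "iptables -L -v --line-numbers", and the per-rule packet counters in that output show which rule is actually being hit.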