Hey Andy,
I could be wrong here, but this is my guess..
ipchains follows the rules you create in top down order until it meets a
rule that it matches..
Let's look at that input chain..
> Chain input (policy DENY):
> target prot opt source destination ports
> ACCEPT all ------ anywhere anywhere n/a
> ACCEPT all ------ anywhere debian.private.net n/a
> DENY icmp ------ localhost anywhere any -> any
> DENY icmp ------ localhost anywhere any -> any
> DENY icmp ------ localhost anywhere any -> any
Well, let's take that packet from 127.0.0.1 that is destined for
127.0.0.1...
Well, that fits the rule of ACCEPT any to any.. So it is allowed.
Try putting your denys up top and the accepts at the bottom (same for
output chain)
I have to be honest with ya, I work a lot more with the forward chain so I
hope that all is right..
Good luck!
-Brett
On Sun, 10 Oct 1999 [EMAIL PROTECTED] wrote:
> Hello,
> I am having some problems getting ipchains to work. I did a fresh install of
> debian 2.1, downloaded, compiled and installed kernel 2.2.12. I tried an
> example from the IPChains-HOWTO:
>
> debian:/home/andy# ping localhost
> PING localhost (127.0.0.1): 56 data bytes
> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.1 ms
>
> --- localhost ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> round-trip min/avg/max = 0.1/0.1/0.1 ms
>
>
>
> debian:/home/andy# ipchains -A input -s 127.0.0.1 -p icmp -j DENY
>
> debian:/home/andy# ping localhost
> PING localhost (127.0.0.1): 56 data bytes
> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=1.0 ms
>
> --- localhost ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> round-trip min/avg/max = 1.0/1.0/1.0 ms
>
>
> debian:/home/andy# cat /proc/net/ip_fwchains
> input 00000000/00000000->00000000/00000000 lo 0 0 0 0 3459 0
> 105506 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
> input 00000000/00000000->0A000003/FFFFFFFF eth0 0 0 0 0 1114350 0
> 825399488 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
> input 7F000001/FFFFFFFF->00000000/00000000 - 10 0 1 0 0 0
> 0 0-65535 0-65535 AFF X00 00000000 0 0 DENY
> input 7F000001/FFFFFFFF->00000000/00000000 - 10 0 1 0 0 0
> 0 0-65535 0-65535 AFF X00 00000000 0 0 DENY
> input 7F000001/FFFFFFFF->00000000/00000000 - 10 0 1 0 0 0
> 0 0-65535 0-65535 AFF X00 00000000 0 0 DENY
> output 00000000/00000000->00000000/00000000 lo 0 0 0 0 3459 0
> 105506 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
> output 0A000000/FF800000->00000000/00000000 eth0 0 0 0 0 1150702 0
> 148151444 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
>
> debian:/home/andy# ipchains -L
> Chain input (policy DENY):
> target prot opt source destination ports
> ACCEPT all ------ anywhere anywhere n/a
> ACCEPT all ------ anywhere debian.private.net n/a
> DENY icmp ------ localhost anywhere any -> any
> DENY icmp ------ localhost anywhere any -> any
> DENY icmp ------ localhost anywhere any -> any
> Chain forward (policy DENY):
> Chain output (policy DENY):
> target prot opt source destination ports
> ACCEPT all ------ anywhere anywhere n/a
> ACCEPT all ------ localnet/9 anywhere n/a
>
> debian:/home/andy# uname -a
> Linux debian 2.2.12 #1 SMP Sun Oct 3 17:41:23 CDT 1999 i686 unknown
>
> What am I doing wrong here?
> Thanks,
> -Andy
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
>
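The first-match behaviour discussed in this thread, as an added example that is not part of the original messages. The rules are transcribed from the posted input chain, with addresses decoded from the hex in the /proc/net/ip_fwchains dump; reading the field after the addresses as the interface (lo, eth0, "-" for any) is an assumption, and `Rule` and `first_match` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    target: str        # ACCEPT or DENY
    proto: str         # "all" or a protocol name such as "icmp"
    src: str           # source network, CIDR
    dst: str           # destination network, CIDR
    iface: str = "-"   # "-" means any interface (assumed reading of the dump)

def first_match(chain, policy, pkt):
    """Walk the chain top down and stop at the first rule that matches.

    Returns (rule_number, target); rule_number 0 means nothing matched
    and the chain policy decided.
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    for n, r in enumerate(chain, start=1):
        if (r.proto in ("all", pkt["proto"])
                and r.iface in ("-", pkt["iface"])
                and src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)):
            return n, r.target
    return 0, policy

ANY = "0.0.0.0/0"
ACCEPT_LO = Rule("ACCEPT", "all", ANY, ANY, "lo")              # 00000000/00000000 on lo
ACCEPT_ETH = Rule("ACCEPT", "all", ANY, "10.0.0.3/32", "eth0")  # ->0A000003/FFFFFFFF on eth0
DENY_ICMP = Rule("DENY", "icmp", "127.0.0.1/32", ANY)          # 7F000001/FFFFFFFF, appended with -A

# Order as posted: the DENY was appended three times after the ACCEPT rules.
AS_POSTED = [ACCEPT_LO, ACCEPT_ETH, DENY_ICMP, DENY_ICMP, DENY_ICMP]
# Suggested order: the DENY ahead of the ACCEPT rules.
DENY_FIRST = [DENY_ICMP, ACCEPT_LO, ACCEPT_ETH]

# Constructed packet: the echo request sent by "ping localhost".
PING = {"src": "127.0.0.1", "dst": "127.0.0.1", "proto": "icmp", "iface": "lo"}

if __name__ == "__main__":
    for name, chain in (("as posted", AS_POSTED), ("deny first", DENY_FIRST)):
        n, target = first_match(chain, "DENY", PING)
        print(f"{name}: rule {n} -> {target}")
```

With the posted order the ping never reaches the DENY rules, which matches the zero packet counters on those three lines of the dump.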