[iptables] Why do 'iptables -A OUTPUT -j REJECT' at the end of the chain OUTPUT override the previous rules??
Posted
by
Serge
on Server Fault
See other posts from Server Fault
or by Serge
Published on 2011-01-16T04:32:48Z
Indexed on
2011/01/16
4:54 UTC
Read the original article
Hit count: 273
iptables
Those are my IPTABLES rules:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p udp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A OUTPUT -j REJECT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
Im using a remote ssh conetion to set them up, but after i set:
iptables -A OUTPUT -j REJECT
My connection get lost. I have read all the documentation for Iptables and i can figure out anything, the global Rejects for INPUT work well because i can access to the web page but i get a timeout for ssh. Any idea?
Thanks
© Server Fault or respective owner