[iptables] Why does 'iptables -A OUTPUT -j REJECT' at the end of the OUTPUT chain override the previous rules?

Posted by Serge on Server Fault. Published on 2011-01-16T04:32:48Z.

Those are my IPTABLES rules:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p udp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

iptables -A OUTPUT  -j REJECT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

I'm using a remote SSH connection to set them up, but after I set:

iptables -A OUTPUT  -j REJECT

My connection gets lost. I have read all the documentation for iptables and I can't figure out anything; the global REJECT for INPUT works well because I can access the web page, but I get a timeout for SSH. Any idea?

Thanks
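The behaviour in the question follows from how a netfilter chain is walked: rules are tried top to bottom and the first rule with a terminating target decides the packet. The packets an SSH server sends back to an already-accepted client also go through OUTPUT, with source port 22 and the client's ephemeral port as destination, so none of the posted "--dport" rules match them and they fall through to the final REJECT. The INPUT chain already has a "-m state --state ESTABLISHED,RELATED -j ACCEPT" rule that covers replies; OUTPUT has none. The script below is an added example, not part of the original post and not iptables itself: it is a small first-match simulator over a constructed "proto dport state target" rule notation, with a constructed client port of 51515, and it compares the posted OUTPUT chain with the same chain after a conntrack rule is inserted first.

```shell
#!/bin/sh
# Added example: a first-match chain simulator written for this page.
# It is not iptables; it only models "walk the rules in order, first match wins".
#
# Rule line format (constructed for this example):   <proto|any> <dport|any> <state|any> <target>
# Packet description:                                 <proto> <dport> <state>

# chain_verdict RULES PROTO DPORT STATE
# Prints the target of the first rule matching the packet, or END if the
# packet reaches the end of the chain without a match (chain policy would apply).
chain_verdict() {
    rules=$1; proto=$2; dport=$3; state=$4
    verdict=$(printf '%s\n' "$rules" | while read -r rproto rdport rstate target; do
        [ -z "$target" ] && continue          # skip blank lines
        if { [ "$rproto" = any ] || [ "$rproto" = "$proto" ]; } &&
           { [ "$rdport" = any ] || [ "$rdport" = "$dport" ]; } &&
           { [ "$rstate" = any ] || [ "$rstate" = "$state" ]; }; then
            printf '%s\n' "$target"
            exit 0                            # first match wins: stop walking the chain
        fi
    done)
    printf '%s\n' "${verdict:-END}"
}

# The OUTPUT chain exactly as posted in the question, in the simulator's notation.
# None of the posted OUTPUT rules carries a state match, hence "any" in column 3.
OUTPUT_AS_POSTED='tcp 22 any ACCEPT
udp 22 any ACCEPT
tcp 80 any ACCEPT
udp 53 any ACCEPT
tcp 53 any ACCEPT
any any any REJECT'

# The same chain with a conntrack rule in position 1, i.e. the effect of
#   iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# which mirrors the rule the posted ruleset already has on INPUT.
OUTPUT_WITH_CONNTRACK="any any ESTABLISHED ACCEPT
$OUTPUT_AS_POSTED"

# Reply packet from the SSH server to the admin's client: source port 22,
# destination port = the client's ephemeral port (51515 is a constructed value),
# part of an ESTABLISHED connection.
ssh_reply_as_posted()    { chain_verdict "$OUTPUT_AS_POSTED"      tcp 51515 ESTABLISHED; }
ssh_reply_with_ct()      { chain_verdict "$OUTPUT_WITH_CONNTRACK" tcp 51515 ESTABLISHED; }

# For contrast: an outbound ssh client connection *from* this host (dport 22, NEW)
# is the traffic the posted "--dport 22" rule actually matches.
outbound_ssh_as_posted() { chain_verdict "$OUTPUT_AS_POSTED"      tcp 22 NEW; }

printf 'SSH server reply, OUTPUT as posted:            %s\n' "$(ssh_reply_as_posted)"
printf 'SSH server reply, OUTPUT with conntrack first: %s\n' "$(ssh_reply_with_ct)"
printf 'Outbound ssh client, OUTPUT as posted:         %s\n' "$(outbound_ssh_as_posted)"
```

The same walk explains why the session drops at the moment the REJECT is appended rather than earlier: until that line exists, the reply reaches the end of OUTPUT and the chain's default policy (ACCEPT unless changed) lets it through. Applying a ruleset like this over SSH is safer with the conntrack rule inserted before the trailing REJECT is added, and with a scheduled "iptables -F" fallback that is cancelled once the session has been confirmed still alive.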
