Iptables rule. Allow all from specific address.

Support for security such as Firewalls and securing linux
supertight
Posts: 171
Joined: 2017/02/07 21:47:51

Iptables rule. Allow all from specific address.

Post by supertight » 2017/05/29 02:00:48

I have

    iptables -A INPUT -s xxx.xxx.x.22 -m mac --mac-source xx:xx:xx:xx:xx:xx -m state --state new -j ACCEPT

active on my iptables. With this rule, the server should accept any/all requests from the specified MAC and IP, correct?

I have httpd up and hosting an index page for testing. I can see the page with the iptables off. For some reason, with the tables on, I can't see it. SELinux is off for testing at the moment.

This same code is working on an identical server allowing access. I'm stumped. Can anyone see what I'm doing wrong?
Thanks for reading.

markkuk
Posts: 739
Joined: 2007/09/07 10:56:28
Location: Finland

Re: Iptables rule. Allow all from specific address.

Post by markkuk » 2017/05/29 06:02:53

Iptables rules are processed in order until a rule is found that matches the packet and decides if it is ACCEPTed, DROPped or REJECTed. Your command adds the new rule at the end of the chain after the REJECT rule that matches all packets not handled by the previous rules, so your rule will never be used.
You need to insert (with -I option) the rule at a suitable point in the rule chain.
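
The ordering problem described in this reply can be checked from a saved rule listing. The script below is an added example, not part of the original posts: it reads `iptables -S INPUT` style output and reports rules that sit after a catch-all REJECT/DROP. The sample ruleset, the addresses and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find rules appended after a catch-all REJECT/DROP, which
# first-match processing never reaches.

# Constructed sample of `iptables -S INPUT` output (documentation addresses).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.0.2.22/32 -m mac --mac-source 00:00:5E:00:53:01 -m state --state NEW -j ACCEPT'

# Print the 1-based rule number of the first rule that has no match
# conditions and jumps to REJECT or DROP; print 0 if there is none.
# That number is the position to pass to `iptables -I INPUT <n>`.
catch_all_position() {
  awk '
    $1 == "-A" {
      n++
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
        print n; found = 1; exit
      }
    }
    END { if (!found) print 0 }
  '
}

# Print every rule listed after the catch-all (never evaluated).
shadowed_rules() {
  awk '
    $1 == "-A" {
      if (hit) print
      else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) hit = 1
    }
  '
}

pos=$(printf '%s\n' "$SAMPLE_RULES" | catch_all_position)
echo "catch-all rule is number $pos in INPUT"
echo "rules that can never match:"
printf '%s\n' "$SAMPLE_RULES" | shadowed_rules
echo "an allow rule inserted with: iptables -I INPUT $pos ... lands before it"
```

On a live host, run `iptables -S INPUT | shadowed_rules` as root instead of feeding it the sample.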

supertight
Posts: 171
Joined: 2017/02/07 21:47:51

Re: Iptables rule. Allow all from specific address.

Post by supertight » 2017/06/02 22:28:21

markkuk wrote: Iptables rules are processed in order until a rule is found that matches the packet and decides if it is ACCEPTed, DROPped or REJECTed. Your command adds the new rule at the end of the chain after the REJECT rule that matches all packets not handled by the previous rules, so your rule will never be used.
You need to insert (with -I option) the rule at a suitable point in the rule chain.

This rule is above the drop rule.

With the "-i" option? I need to select the interface, mac & IP??
