Mailinglist Archive: opensuse-security (448 mails)
Re: [suse-security] Need help with iptables: missing .so -- and I can't use DENY or ACCEPT
- From: JW <jw@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 30 Apr 2002 23:26:28 -0500
- Message-id: <200204302326.28935.jw@xxxxxxxxxxxxxxxxxx>
CM >* JW (jw@xxxxxxxxxxxxxxxxxx) [020430 15:15]:
CM >> bismuth:~ # iptables -A INPUT -p tcp -i eth0 -s 192.168.0.110 -j DENY
CM >> iptables v1.2.5: Couldn't load target `DENY':/usr/lib/iptables/libipt_DENY.so: cannot open shared object file: No such file or directory
CM >
CM >DENY is an ipchains target, you want DROP...I've done the same
CM >thing.
Ok, that's fine, and that works.
But I can't figure out how to drop everything on <port> _except_ a certain IP.
From everything I've read this should be correct:
iptables -A INPUT -p tcp --destination-port 5001 -j DROP ! -s 192.168.0.110
Meaning, drop every connection to 5001 except from 192.168.0.110. But that doesn't work.
Any more ideas?
Also, I thought maybe I had to do 2 rules:
iptables -A INPUT -p tcp --destination-port 5001 -j DROP
iptables -A INPUT -s 192.168.0.110 -p tcp --destination-port 5001 -j ACCEPT
But that fails with the "can't find *accept.so*" error.
Over the years I have tried to learn ipchains/iptables about 6 times, and it always gets the best of me.
For some reason the instructions I find just never work.
At least not like I expect them to.
Since I never see other people complaining about it, I'll assume it's me that's the problem, but.... what is it that I'm missing?
Thanks.
--
----------------------------------------------------
Jonathan Wilson
System Administrator
Clickpatrol.com
Cedar Creek Software http://www.cedarcreeksoftware.com
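
Added example, not part of the original message: the "one port, one allowed source" rule set from the question, written with the rule order that first-match chain evaluation requires, plus the single-rule negated form. The `IPT` variable and the function names are this example's own; by default the commands are only printed.

```shell
#!/bin/sh
# IPT is this example's own variable: by default the commands are only
# printed. Run with IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# check_args PORT ADDR: accept only a port number and an IPv4 address or
# CIDR block, so nothing unexpected reaches the command line.
check_args() {
    case "$1" in ''|*[!0-9]*) echo "bad port: $1" >&2; return 1 ;; esac
    if [ "${#1}" -gt 5 ] || [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "port out of range: $1" >&2; return 1
    fi
    case "$2" in ''|*[!0-9./]*) echo "bad address: $2" >&2; return 1 ;; esac
}

# Two-rule form. A chain is read top to bottom and the first rule whose
# target is ACCEPT or DROP decides the packet, so the ACCEPT for the allowed
# host must be appended before the catch-all DROP for the port.
# Target names are case-sensitive (ACCEPT, DROP); a name iptables does not
# know is looked up as an extension library, as with DENY in the quoted error.
restrict_port() {
    check_args "$1" "$2" || return 1
    $IPT -A INPUT -p tcp -s "$2" --destination-port "$1" -j ACCEPT &&
    $IPT -A INPUT -p tcp --destination-port "$1" -j DROP
}

# One-rule alternative: "!" negates the source match that follows it.
# This is the syntax of current iptables releases; older releases document
# the form "-s ! ADDR".
restrict_port_single() {
    check_args "$1" "$2" || return 1
    $IPT -A INPUT -p tcp ! -s "$2" --destination-port "$1" -j DROP
}

# Port and address taken from the message above.
restrict_port 5001 192.168.0.110
```

Use one of the two functions, not both. After applying, `iptables -L INPUT -n --line-numbers` shows the order in which the rules will be evaluated.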