I think you're going to need two rules. In the first explicitly ACCEPT the desired IP, in the second DROP everything else.
JimW
JW wrote:
CM >* JW (jw@centraltexasit.com) [020430 15:15]:
CM >> bismuth:~ # iptables -A INPUT -p tcp -i eth0 -s 192.168.0.110 -j DENY
CM >> iptables v1.2.5: Couldn't load target `DENY':/usr/lib/iptables/libipt_DENY.so: cannot open shared object file: No such file or directory
CM >
CM >DENY is an ipchains target, you want DROP...I've done the same thing.
Ok, that's fine, and that works.
But I can't figure out how to drop everything on <port> _except_ a certain IP.
From everything I've read this should be correct:
iptables -A INPUT -p tcp --destination-port 5001 -j DROP ! -s 192.168.0.110
Meaning, drop every connection to 5001 except from 192.168.0.110. But that doesn't work.
Any more ideas?
Also, I thought maybe I had to do 2 rules:
iptables -A INPUT -p tcp --destination-port 5001 -j DROP
iptables -A INPUT -s 192.168.0.110 -p tcp --destination-port 5001 -j ACCEPT
But that fails with the "can't find *accept.so*" error.
Over the years I have tried to learn ipchains/iptables about 6 times, and it always gets the best of me. For some reason the instructions I find just never work. At least not like I expect them to.
Since I never see other people complaining about it, I'll assume it's me that's the problem, but.... what is it that I'm missing?
Thanks.
--
----------------------------------------------------
Jonathan Wilson
System Administrator
Clickpatrol.com
Cedar Creek Software
http://www.cedarcreeksoftware.com
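The rule-order point from this thread, as an added example that is not part of the original messages: a simplified Python model of first-match chain evaluation (not iptables itself). Because -A appends to the end of the chain, the DROP-then-ACCEPT order drops every packet to the port before the ACCEPT rule is reached. The second address 192.168.0.55 and the ACCEPT chain policy are assumptions made for the illustration.

```python
"""Simplified model of first-match evaluation in an iptables-style chain."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    dport: Optional[int] = None  # --destination-port, None = any port
    src: Optional[str] = None    # -s address or CIDR, None = any source
    negate_src: bool = False     # True models a negated source match ("!")

    def matches(self, src: str, dport: int) -> bool:
        if self.dport is not None and dport != self.dport:
            return False
        if self.src is not None:
            inside = ip_address(src) in ip_network(self.src)
            if inside == self.negate_src:  # wrong side of the (negated) match
                return False
        return True


def verdict(chain, src, dport, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(src, dport):
            return rule.target
    return policy


ALLOWED, PORT = "192.168.0.110", 5001  # values from the thread
OTHER = "192.168.0.55"                 # constructed second host (assumption)

# Order typed in the post: DROP appended first, ACCEPT second.
DROP_FIRST = [Rule("DROP", dport=PORT), Rule("ACCEPT", dport=PORT, src=ALLOWED)]
# Order suggested in the reply: ACCEPT the desired IP, then DROP the rest.
ACCEPT_FIRST = [Rule("ACCEPT", dport=PORT, src=ALLOWED), Rule("DROP", dport=PORT)]
# Single DROP rule with a negated source match.
NEGATED = [Rule("DROP", dport=PORT, src=ALLOWED, negate_src=True)]


def table():
    """Map chain name -> (verdict for ALLOWED, verdict for OTHER) on PORT."""
    chains = {"drop_first": DROP_FIRST, "accept_first": ACCEPT_FIRST, "negated": NEGATED}
    return {n: (verdict(c, ALLOWED, PORT), verdict(c, OTHER, PORT)) for n, c in chains.items()}


if __name__ == "__main__":
    for name, (allowed, other) in table().items():
        print(f"{name:13} {ALLOWED} -> {allowed:6}  {OTHER} -> {other}")
```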