"E. Pluribus" <(E-Mail Removed)> wrote in
news:Xns9AB1842303D75getonthtpluribusorg@216.196.97.136:
> I want to allow incoming ident requests, but only if there was data sent
> to the source IP of the requests within the past 30 seconds.
>
> This is what I've tried:
>
> iptables -A INPUT -i eth2 -p tcp -m tcp --dport 113 -m recent \
> --rcheck --name IDENT --seconds 30 -j ACCEPT
>
> iptables -A OUTPUT -o eth2 -p tcp -m multiport --dports 6667,7000 \
> -m recent --name IDENT --set --rdest
>
> Ident requests continue to be dropped, however.
>
> eth2 has a public IP address. Default policy is to drop all input, and
> prior to the above statements in the script I have:
>
> iptables -A INPUT -i eth2 -m state --state ESTABLISHED -j ACCEPT
>
> Right now (when not using the above rules) I just keep port 113
> permanently open with:
>
> iptables -A INPUT -i eth2 -p tcp --dport 113 -j ACCEPT
Ok, I think I have it fixed. The problem was I had a rule accepting all
outgoing traffic on eth2 (-j ACCEPT) before my recent match rule for
ports 6667 and 7000, so it never got there.
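The ordering the reply describes, as an added example that is not the poster's script: the `-m recent --set` rule has no target, so packet traversal continues past it, but a blanket `-j ACCEPT` earlier in OUTPUT terminates traversal before the IDENT list is ever populated. Interface `eth2`, ports 6667/7000 and the 30-second window are taken from the thread; `find_shadowed_set` is a hypothetical helper that flags that shadowing bug in a rule listing.

```bash
#!/bin/sh
IFACE=eth2   # assumption: same interface name as in the thread

# Rules in the order they must be appended. --set --rdest records the
# destination of our outbound IRC traffic; --rcheck on INPUT compares the
# *source* of the ident request against that list, so the two match up.
ordered_rules() {
  cat <<EOF
iptables -A INPUT -i $IFACE -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp -m multiport --dports 6667,7000 -m recent --name IDENT --set --rdest
iptables -A OUTPUT -o $IFACE -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport 113 -m recent --name IDENT --rcheck --seconds 30 -j ACCEPT
EOF
}

# Read rules on stdin; exit 0 if a "-m recent --set" rule in chain $1 comes
# after a blanket "-j ACCEPT" (no -p/-m/port match) in the same chain,
# i.e. it is shadowed and can never fire; exit 1 otherwise.
find_shadowed_set() {
  awk -v chain="$1" '
    $0 ~ ("-A " chain " ") {
      if ($0 ~ /-j ACCEPT/ && $0 !~ /-p |-m |--dport|--sport/) blanket = NR
      if ($0 ~ /-m recent/ && $0 ~ /--set/ && blanket) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# Apply only when run directly with "apply" (dry run by default).
if [ "$1" = "apply" ]; then
  ordered_rules | sh
else
  ordered_rules
  if ordered_rules | find_shadowed_set OUTPUT; then
    echo "BUG: recent --set rule is shadowed by an earlier blanket ACCEPT"
  fi
fi
```

Piping the output of `iptables-save`-style `-A` lines into `find_shadowed_set OUTPUT` gives the same check against a live rule set.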