[Serusers] SER 2.0.0 and Iptables

Jan Andres jan.andres at freenet-ag.de
Mon Jun 4 17:59:24 CEST 2007


Hi,

On Mon, Jun 04, 2007 at 09:58:21PM +0800, Liu Wenlong wrote:
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j
> ACCEPT
> COMMIT

You should add those additional rules above the REJECT rule, not below
it. Otherwise the REJECT rule will just reject (as the name says) any
packets that make it to that point and your rules for port 5060 will
never be processed.

Regards,
Jan
-- 
Jan Andres <jan.andres at freenet.ag>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.iptel.org/pipermail/serusers/attachments/20070604/e6c51cb8/attachment.pgp 


More information about the Serusers mailing list