UPDATE: It appears the problem is not that the inverse switch isn't working, but that the interface names are being ignored altogether. Regardless of whether I specify "-i eth1", "-i eth0", "-i ! eth1", etc., iptables always acts as if I have not specified an interface at all, and so creates the rule for ALL interfaces.
Original posting:
Recently switched my internet gateway machine/NAT box over to Debian, and everything is working fine except for one very strange problem with my firewall script. For some reason, iptables is not recognizing the inverse specification. For example:
iptables -A INPUT -m state --state NEW -i ! $EXTIF -j ACCEPT
This should allow new connections on all the interfaces except for the one I've designated to be external. But if I list the rules with "iptables -L" I get:
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW
which is obviously not a good thing to be happening.
Any ideas what could be causing this? I've never seen anything like it before, and the script was pulled off a previously working Gentoo box, where it had no problems.
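Added example, not code from the post: plain `iptables -L` omits the in/out columns, so its listing cannot show whether an interface match is present at all, whereas `iptables -S` or `iptables-save` prints each rule as loaded (negation appears as `! -i eth0`). The script below audits that output for INPUT rules that accept NEW connections on every interface; the rule sample is constructed and the interface names are assumptions.

```shell
# Constructed sample of `iptables-save` output; not captured from the poster's box.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -j ACCEPT
-A INPUT ! -i eth0 -m state --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Print INPUT rules that accept NEW connections without any "-i" or "! -i" match,
# i.e. rules that apply to every interface, the external one included.
# Reads rules on stdin, so it works on `iptables-save` or `iptables -S` output.
find_unbound_accept_new() {
    awk '/^-A INPUT / && /-j ACCEPT( |$)/ && /--state [A-Z,]*NEW/ && $0 !~ /(^| )(! )?-i [^ ]+/ { print }'
}

# Live usage (needs root): iptables-save | find_unbound_accept_new
# Offline demo on the constructed sample; prints only the unrestricted rule.
printf '%s\n' "$SAMPLE_RULES" | find_unbound_accept_new
```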
Bizarre iptables problem: "!" (inverse) won't work
- Posts: 1
- Joined: 2005-12-09 06:10