USB Networking vs. iptables

Christian Weßel wesselch at gmx.net
Fri Sep 19 16:09:50 CEST 2008


On Friday, 19.09.2008, at 07:35 -0400, Joel Newkirk wrote:
> Try "iptables -I RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT", or the
> same rule inserted at the top of INPUT and FORWARD chains.

I will try.

> RH-Firewall-1-INPUT blocks SSH from various specific IPs, then accepts
> only very limited specific connections, including ICMP, http, https, ssh, CUPS
> and ipsec but NOT including DNS...

That's right, but at the end, if no rule of the chain applies, the
policy of the chain takes effect. And the default policy is ACCEPT. So, I
guess that means that DNS is not blocked.

> Lack of a rule accepting DNS in INPUT
> keeps you from doing DNS lookups at 192.168.0.201, lack of a rule accepting
> DNS in FORWARD keeps you from doing DNS lookups at any other host.

I will try to add DNS to the private chain.
-- 

mfg/br, christian

Flurstraße 14
29640 Schneverdingen
Germany

E-Mail: wesselch at gmx.net
Telefon: +49 5193 97 14 95
Mobile:  +49 171 357 59 57
http://wesselch.homelinux.org
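
An added example, not part of the original message: a small model of how netfilter walks from a built-in chain into a user-defined chain such as RH-Firewall-1-INPUT, to check when the built-in chain's policy is actually reached. The ruleset and the packet are constructed; in particular the trailing REJECT rule is an assumption, since the thread does not show the real chain contents.

```python
import ipaddress

# Constructed iptables-save style ruleset (an assumption: the poster's real
# rules are not shown in the thread). User-defined chains have policy "-".
RULES = """\
:INPUT ACCEPT
:FORWARD ACCEPT
:RH-Firewall-1-INPUT -
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT
"""

def parse(text):
    """Return (policies, chains); only -s, -p, --dport and -j are modelled."""
    policies, chains = {}, {}
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0].startswith(":"):
            policies[tok[0][1:]] = tok[1]
            chains.setdefault(tok[0][1:], [])
        elif tok[0] in ("-A", "-I"):
            rule = dict(zip(tok[2::2], tok[3::2]))
            # -I puts the rule at the top of the chain, -A at the bottom
            chains[tok[1]].insert(0 if tok[0] == "-I" else len(chains[tok[1]]), rule)
    return policies, chains

def matches(rule, pkt):
    if "-s" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["-s"]):
        return False
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    return "--dport" not in rule or int(rule["--dport"]) == pkt.get("dport")

def walk(chain, pkt, chains):
    """First matching terminal target wins; None means 'fell off the end'."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        if rule["-j"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["-j"]
        result = walk(rule["-j"], pkt, chains)  # jump into a user-defined chain
        if result:
            return result  # otherwise control returns to the calling chain
    return None

def verdict(builtin, pkt, text=RULES):
    policies, chains = parse(text)
    # The built-in chain's policy applies only if no rule gave a verdict.
    return walk(builtin, pkt, chains) or policies[builtin]

DNS = {"src": "192.168.0.202", "proto": "udp", "dport": 53}  # constructed packet
```

Running `iptables -L -n -v --line-numbers` on the real host shows whether the chain ends in a catch-all rule and where an inserted or appended rule lands relative to it.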