NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ESTABLISHED makes possible to connect to internal servers

from [Maximilian Wilhelm] [Permanent Link][Original]
To: netfilter@lists.netfilter.org
Subject: Re: ESTABLISHED makes possible to connect to internal servers
From: Maximilian Wilhelm <max@rfc2324.org>
Date: Wed, 11 Apr 2007 17:06:20 +0200
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <461BCBBE.5060003@mfmdb.com>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Mail-followup-to: netfilter@lists.netfilter.org
References: <461BCBBE.5060003@mfmdb.com>
Sender: netfilter-bounces@lists.netfilter.org
User-agent: Mutt/1.5.9i 
Am Tuesday, den 10. April hub Anton Sidorov folgendes in die Tasten:

Hi!

> The problem is that if I put
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> or just
> iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
[...]
> it is possible to access my internal web server (and not only web
> server) from outside
> despite I did not open port 80 in FORWARD chain and policy for FORWARD
> is DROP.
[...]
> I've been fighting with that problem for two weeks now.
> I rewrite my script several times and brought it to bare basic but
> nothing has fixed the problem.

Maybe it would help to see the "bare basic" script, so we could get the
"big picture".

Ciao
Max
-- 
|           |                 Follow the white penguin.
|  |\/|  |  |-----------------------------------------------------------.
|  |  |/\|  |  Rechnerbetrieb Mathematik  |   Meine Baustellen:  TSM    |
|           |  Universitaet Paderborn     |   Hostmaster, Linux, LDAP   |
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Time module included in the default Fedora, Fred Trotter
Next by Date:  Re: Default syslog level from -j LOG, Oliver Schulze L.
Previous by Thread:  ESTABLISHED makes possible to connect to internal servers, Anton Sidorov
Next by Thread:  Re: ESTABLISHED makes possible to connect to internal servers, Anton Sidorov
Indexes:  [Date] [Thread] [Top] [All Lists]