
Iptables default chains priority?

In order to check the RPyC module, I created 2 VMs (Ubuntu and Xubuntu), and tried to communicate between them. At first, I ran the RPyC server on the , and connected from the . Went well!

Then, I switched between them. I ran the server on the this time, and tried to connect from the . I've got a "No route to host" message.

The first thing I thought is to try the firewall. When I shut down the firewall, I managed to connect, so I tried to look at the Iptables rules-list in the machine.

The INPUT chain in the iptables had a bunch of different rules, where all of them, except from one was , when the first one was . The last one was (don't ask why, it wasn't my configuration).

I tried to delete the rules one by one until I was able to connect, and when I deleted the last one, the , I was able to connect.

My question is: why, although it was the last rule in the chain list, does the REJECT all override the ACCEPT all rule? Is there any prioritisation of the default Iptables CHAINS?

Thanks in advance,

Idan

Indeed, rules are read from top to bottom. Could you try to explicitly append the rules you want at the top? For example for ssh:

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

/sbin/iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
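
The top-to-bottom evaluation described above, as an added example (not code from the original post): a small Python model of first-match chain traversal over a ruleset in `iptables -S` syntax, comparing a rule appended with `-A` against one inserted with `-I`. The ruleset, the interface name `eth0` and port 18812 are constructed sample values, and the model covers only the `-i`, `-p` and `--dport` matches.

```python
import shlex

# Constructed ruleset in `iptables -S` syntax (sample data, not the asker's rules).
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT
"""

def parse(line):
    """Turn one rule line into its match fields plus the -j target."""
    tok = shlex.split(line)
    opts = dict(zip(tok[2::2], tok[3::2]))  # skip the leading "-A INPUT"
    return {"iface": opts.get("-i"), "proto": opts.get("-p"),
            "dport": opts.get("--dport"), "target": opts["-j"]}

def matches(rule, pkt):
    # A field the rule does not specify matches every packet.
    return all(rule[k] in (None, pkt[k]) for k in ("iface", "proto", "dport"))

def verdict(chain, pkt, policy="ACCEPT"):
    """Return (target, rule number) of the first match, else the chain policy."""
    for num, rule in enumerate(chain, 1):
        if matches(rule, pkt):
            return rule["target"], num
    return policy, None

def append(chain, line):
    # iptables -A: the new rule goes to the end of the chain.
    return chain + [parse(line)]

def insert(chain, line, pos=1):
    # iptables -I: the new rule goes in at rule number pos (1 = top).
    return chain[:pos - 1] + [parse(line)] + chain[pos - 1:]

BASE = [parse(l) for l in RULES.splitlines()]
# Constructed packet: TCP to port 18812 arriving on eth0 (assumed values).
PKT = {"iface": "eth0", "proto": "tcp", "dport": "18812"}
NEW = "-A INPUT -p tcp --dport 18812 -j ACCEPT"

if __name__ == "__main__":
    print("original:", verdict(BASE, PKT))
    print("appended:", verdict(append(BASE, NEW), PKT))
    print("inserted:", verdict(insert(BASE, NEW), PKT))
```

On a real host, `iptables -L INPUT -n -v --line-numbers` shows the rule numbers together with the interface columns that a plain `-L` listing leaves out.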
