> I'm trying to get iptables running on an etch machine but the rules aren't
> actually working for some reason. I've reduced this to a very simple
> example. Even if I try to just block portmap I can still connect with
> rpcinfo from a remote machine even though "iptables --list" shows an active
> rule.
>
> iptables-up.conf (used with iptables-restore):
>
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -p udp --dport 111 -j DROP
> COMMIT
>
> Output of iptables --list:
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> DROP       udp  --  anywhere             anywhere             udp dpt:sunrpc
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> rpcinfo and nmap of n.n.n.n (public IP):
>
> rpcinfo -p n.n.n.n
> No remote programs registered.
>
> nmap -sU -p 111 n.n.n.n
> Password:
>
> Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-19 15:23 PDT
> Interesting ports on n.n.n.n:
> PORT    STATE         SERVICE
> 111/udp open|filtered rpcbind
>
> Nmap finished: 1 IP address (1 host up) scanned in 0.985 seconds
>
> I've tried turning the DROP into a LOG (level debug) and don't see any
> logging entries either. What am I missing?
Forgot to add: This works perfectly on a Sarge i686 box.
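A quick way to tell whether a loaded rule is actually seeing traffic is to read its packet counters rather than rely on `iptables --list` alone. The helper below is an added example, not code from the thread; it parses the column layout of `iptables -L INPUT -v -n` (an assumption about the output format) and the sample output it runs on is constructed.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -v -n` output (not from the original post).
# The DROP rule for udp/111 is loaded but has counted zero packets.
SAMPLE_COUNTERS='Chain INPUT (policy ACCEPT 1234 packets, 98765 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
   42  3360 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# rule_hits CHAIN_OUTPUT TARGET PROTO DPORT
# Prints the pkts counter of the first rule matching target/proto/dport,
# or "absent" when no such rule is listed in the chain.
rule_hits() {
  printf '%s\n' "$1" | awk -v t="$2" -v p="$3" -v d="$4" '
    $3 == t && $4 == p && $0 ~ ("dpt:" d "($| )") { print $1; found = 1; exit }
    END { if (!found) print "absent" }'
}

# diagnose_rule CHAIN_OUTPUT TARGET PROTO DPORT
# Turns the counter into the three states that matter when debugging:
# rule missing, rule present but never matched, or rule matching traffic.
diagnose_rule() {
  hits=$(rule_hits "$@")
  case "$hits" in
    absent) echo "rule not loaded: check the iptables-restore input and that the table was COMMITted" ;;
    0)      echo "rule loaded but matched no packets: probe traffic is not reaching this rule" ;;
    *)      echo "rule matched $hits packets: filtering is active" ;;
  esac
}

# Live use on the host (as root): send the probe from the remote machine, then run
#   diagnose_rule "$(iptables -L INPUT -v -n -x)" DROP udp 111
diagnose_rule "$SAMPLE_COUNTERS" DROP udp 111
```

Re-running the check before and after a single `rpcinfo -p` from the remote host shows whether the packets are reaching the INPUT chain at all, which is the same question a LOG rule answers but without depending on syslog configuration.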