I'm trying to get iptables running on an etch machine but the rules aren't actually working for some reason. I've reduced this to a very simple example. Even if I try to just block portmap I can still connect with rpcinfo from a remote machine even though "iptables --list" shows an active rule.
iptables-up.conf (used with iptables-restore):

  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -p udp --dport 111 -j DROP
  COMMIT

Output of iptables --list:

  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination
  DROP       udp  --  anywhere             anywhere            udp dpt:sunrpc

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination

rpcinfo and nmap of n.n.n.n (public IP):

  rpcinfo -p n.n.n.n
  No remote programs registered.

  nmap -sU -p 111 n.n.n.n
  Password:
  Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-19 15:23 PDT
  Interesting ports on n.n.n.n:
  PORT    STATE         SERVICE
  111/udp open|filtered rpcbind
  Nmap finished: 1 IP address (1 host up) scanned in 0.985 seconds

I've tried turning the DROP into a LOG (level debug) and don't see any logging entries either. What am I missing?
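Added example, not part of the original post: a small check a practitioner would run against a ruleset like the one above before trusting an external test. Portmap listens on both 111/tcp and 111/udp, so a ruleset that names only "-p udp" leaves the TCP listener untouched, and nmap's "open|filtered" for a UDP port simply means no reply came back, which is exactly what a DROP rule produces. The script parses an iptables-restore file for INPUT rules with a --dport and reports which transports have a rule for a given port; both rulesets are constructed here, the second being the same file extended with a matching tcp rule.

```shell
#!/bin/sh
# Added example (not from the original post): given an iptables-restore
# ruleset, report which transports (tcp/udp) have an INPUT rule for a
# destination port. A port that only appears under "-p udp" is still
# reachable over TCP.

# Constructed ruleset, mirroring the shape of the one in the post.
RULES_UDP_ONLY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp --dport 111 -j DROP
COMMIT'

# Constructed variant covering both transports portmap listens on.
RULES_BOTH='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 111 -j DROP
-A INPUT -p udp --dport 111 -j DROP
COMMIT'

# dport_protocols RULESET PORT
# Prints the transports (subset of "tcp udp", space separated) that have an
# INPUT rule whose --dport equals PORT.
dport_protocols() {
    ruleset=$1; port=$2
    printf '%s\n' "$ruleset" | awk -v port="$port" '
        /^-A INPUT/ {
            proto = ""; dport = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (dport == port && proto != "") seen[proto] = 1
        }
        END {
            out = ""
            if ("tcp" in seen) out = out "tcp "
            if ("udp" in seen) out = out "udp "
            sub(/ $/, "", out)
            print out
        }'
}

# missing_protocols RULESET PORT
# Prints the transports among tcp/udp that have no INPUT rule for PORT.
missing_protocols() {
    have=$(dport_protocols "$1" "$2")
    out=""
    for p in tcp udp; do
        case " $have " in
            *" $p "*) ;;
            *) out="$out$p " ;;
        esac
    done
    printf '%s\n' "${out% }"
}

# Usage: report on port 111 for both constructed rulesets.
echo "udp-only ruleset, port 111: covered=[$(dport_protocols "$RULES_UDP_ONLY" 111)] missing=[$(missing_protocols "$RULES_UDP_ONLY" 111)]"
echo "tcp+udp ruleset,  port 111: covered=[$(dport_protocols "$RULES_BOTH" 111)] missing=[$(missing_protocols "$RULES_BOTH" 111)]"
```

The check reads the file iptables-restore consumes rather than the live "iptables --list" output, so it can be run in a deploy script before the rules are loaded; on a real host, replace the constructed strings with the contents of iptables-up.conf and the port of interest.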