Bug 138999

Summary: IPTables rules do not work.
Product: [Fedora] Fedora
Reporter: Jevgeni Maksimov <mev>
Component: iptables
Assignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: 3
Keywords: Security
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-01-26 17:45:57 UTC

Description Jevgeni Maksimov 2004-11-12 13:52:29 UTC
Description of problem:
On a machine where FC3 is configured as a GATEWAY for users in my network,
who use not local IPs (192.168.*.*) but external IPs.
I am trying to block IPs and their MACs that are not allowed from
accessing the Internet. For the allowed IPs and their MACs I use the
following iptables rules:
-------Start Cut----------
# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT

# Allowed IP to MAC
# User_1
-A RH-Firewall-1-INPUT -s 80.69.200.20/255.255.255.255 -m mac --mac-source 00:04:62:5D:07:3D -j ACCEPT

# User_2
-A RH-Firewall-1-INPUT -s 80.69.200.21/255.255.255.255 -m mac --mac-source 00:04:BA:D0:00:AC -j ACCEPT
# ..... list about 1000 IP's

COMMIT

# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

------ End Cut -------

If User_1 sets on his machine the IP address 80.69.200.21 of User_2's PC,
which is not turned on, while User_1's network card really has the MAC
00:04:62:5D:07:3D, User_1 can still use the Internet after changing the IP.

The rules do not work in iptables!
An iptables bug?
If not, why do these rules not work?


Version-Release number of selected component (if applicable):
iptables-1.2.11-3.1.FC3


How reproducible:
Every time.

Steps to Reproduce:
1.
2.
3.
  
Actual results:
No effect.

Expected results:


Additional info:

Comment 1 Dmitriy Kropivnitskiy 2004-12-09 07:37:29 UTC
I do not see any rules that would REJECT or DROP any packets. Did you
forget to paste them or do you not have them? 

Comment 2 Thomas Woerner 2005-01-26 17:45:57 UTC
See comment #1.
Closing as not a bug.
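
Comment 1 names the actual cause: every rule in the pasted filter table is an ACCEPT, the user chain RH-Firewall-1-INPUT has no terminal rule, and the FORWARD policy is ACCEPT, so a packet that matches none of the IP/MAC pairs falls back out of the user chain and is accepted by policy. The script below is an added example, not code from the bug report or from the iptables project. It parses the report's filter table (a small subset of iptables-restore syntax: -A, -s, -m mac --mac-source, -j) and walks the chains the way the kernel does (first matching rule wins, a user chain that matches nothing returns to its caller, a built-in chain that matches nothing applies its policy). It then compares the reported ruleset with a hardened variant that appends a final DROP to the user chain. The hardened ruleset, the packet cases and the evaluator are constructed for this example; the IP/MAC pairs are the ones in the report.

```python
"""Toy evaluator for a *filter table in iptables-restore syntax (added example)."""
import ipaddress
import shlex

# Constructed from the report's pasted filter table (MAC/IP pairs are the reporter's).
REPORTED_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -s 80.69.200.20/255.255.255.255 -m mac --mac-source 00:04:62:5D:07:3D -j ACCEPT
-A RH-Firewall-1-INPUT -s 80.69.200.21/255.255.255.255 -m mac --mac-source 00:04:BA:D0:00:AC -j ACCEPT
COMMIT
"""

# Hardened variant (an assumption about the fix, not something the thread records):
# the same whitelist, followed by a terminal DROP for everything not on it.
HARDENED_RULES = REPORTED_RULES.replace("COMMIT", "-A RH-Firewall-1-INPUT -j DROP\nCOMMIT")

TERMINAL = ("ACCEPT", "DROP", "REJECT")


def parse_filter_table(text):
    """Return {chain: {"policy": str or None, "rules": [rule, ...]}}."""
    chains = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line in ("*filter", "COMMIT"):
            continue
        if line.startswith(":"):                     # ":NAME POLICY [pkts:bytes]"
            name, policy, _counters = line[1:].split()
            chains[name] = {"policy": None if policy == "-" else policy, "rules": []}
            continue
        tok = shlex.split(line)
        rule = {"src": None, "mac": None, "target": None}
        chain, i = None, 0
        while i < len(tok):
            if tok[i] == "-A":
                chain = tok[i + 1]
            elif tok[i] == "-s":                     # accepts dotted-decimal masks too
                rule["src"] = ipaddress.ip_network(tok[i + 1], strict=False)
            elif tok[i] == "-m" and tok[i + 1] == "mac":
                pass                                 # match extension loaded; option follows
            elif tok[i] == "--mac-source":
                rule["mac"] = tok[i + 1].lower()
            elif tok[i] == "-j":
                rule["target"] = tok[i + 1]
            else:
                raise ValueError("unsupported token %r in %r" % (tok[i], line))
            i += 2
        chains[chain]["rules"].append(rule)
    return chains


def _walk(chains, name, pkt, depth=0):
    """Evaluate one chain; returns a verdict, or None when a user chain falls through."""
    if depth > 16:
        raise RuntimeError("chain jump loop")
    for rule in chains[name]["rules"]:
        if rule["src"] is not None and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
            continue
        if rule["mac"] is not None and pkt["mac"].lower() != rule["mac"]:
            continue
        target = rule["target"]
        if target in TERMINAL:
            return target
        if target == "RETURN":
            return None
        inner = _walk(chains, target, pkt, depth + 1)   # jump into a user chain
        if inner is not None:
            return inner                                 # terminal verdict inside the jump
        # user chain matched nothing: implicit RETURN, continue with the next rule here
    return chains[name]["policy"]                        # None for user chains


def verdict(text, chain, src_ip, src_mac):
    """Final verdict for a packet entering a built-in chain such as FORWARD."""
    return _walk(parse_filter_table(text), chain, {"src": src_ip, "mac": src_mac})


if __name__ == "__main__":
    # Constructed packets: User_2's real host, User_1's NIC using User_2's IP, a stranger.
    cases = [
        ("legitimate User_2", "80.69.200.21", "00:04:BA:D0:00:AC"),
        ("User_1 NIC with User_2's IP", "80.69.200.21", "00:04:62:5D:07:3D"),
        ("unknown host", "80.69.200.99", "00:11:22:33:44:55"),
    ]
    for label, ip, mac in cases:
        print("%-30s reported=%-6s hardened=%s" % (
            label, verdict(REPORTED_RULES, "FORWARD", ip, mac),
            verdict(HARDENED_RULES, "FORWARD", ip, mac)))
```

With the reported ruleset every packet, including the spoofed one, comes back ACCEPT, because the only thing that can ever produce a verdict is the FORWARD policy. Changing the policy line to `:FORWARD DROP [0:0]` would have the same effect as the trailing DROP in this model; either way, an allow-list only restricts anything when something rejects what it does not list. One further caveat: `-m mac --mac-source` matches the source address of the Ethernet frame as it arrives on the gateway, so it identifies only hosts on the directly attached segment; frames that have crossed a router carry that router's MAC.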