Bug 138999 - IPTables rules not work.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: iptables
Version: 3
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Thomas Woerner
QA Contact: Ben Levenson
Keywords: Security
Reported: 2004-11-12 08:52 EST by Jevgeni Maksimov
Modified: 2007-11-30 17:10 EST (History)
Last Closed: 2005-01-26 12:45:57 EST
Description Jevgeni Maksimov 2004-11-12 08:52:29 EST
Description of problem:
I have a machine where FC3 is configured as a GATEWAY for the users in my
network, who use not local IPs (192.168.*.*) but external IPs.
I am trying to block IPs and MACs that are not allowed from accessing
the Internet. For the allowed IPs and their MACs I use the following
iptables rules:
-------Start Cut----------
# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT

# Allowed IP to MAC
# User_1
-A RH-Firewall-1-INPUT -s 80.69.200.20/255.255.255.255 -m mac --mac-source 00:04:62:5D:07:3D -j ACCEPT

# User_2
-A RH-Firewall-1-INPUT -s 80.69.200.21/255.255.255.255 -m mac --mac-source 00:04:BA:D0:00:AC -j ACCEPT
# ..... list about 1000 IP's

COMMIT

# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

------ End Cut -------

If User_1 sets on his machine the IP address 80.69.200.21 from User_2's PC,
which is not turned on, while User_1's network card really has MAC
00:04:62:5D:07:3D, User_1 continues to use the Internet after changing
the IP.

The rules do not work in iptables!
Is this an IPTables bug?
If not, why did these rules not work?


Version-Release number of selected component (if applicable):
iptables-1.2.11-3.1.FC3


How reproducible:
Every time.

Steps to Reproduce:
1.
2.
3.
  
Actual results:
No effect.

Expected results:


Additional info:
Comment 1 Dmitriy Kropivnitskiy 2004-12-09 02:37:29 EST
I do not see any rules that would REJECT or DROP any packets. Did you
forget to paste them or do you not have them? 
Comment 2 Thomas Woerner 2005-01-26 12:45:57 EST
See comment #1.
Closing as not a bug.
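
Comment 1's point, as an added example (not part of the original report and not iptables code): a small Python check that reads iptables-save text and returns the verdict for a packet that matches none of the conditional rules. The function names and the final `-j DROP` rule in `FIXED` are assumptions made for illustration; `REPORTED` is an excerpt of the filter table quoted in the description.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_filter(text):
    """Return (policies, jumps) for the *filter table of iptables-save text."""
    policies, jumps, in_filter = {}, {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            # ":NAME POLICY [counters]"; a policy of "-" marks a user-defined chain
            policies.update([line[1:].split()[:2]])
        elif in_filter and line.startswith("-A "):
            tok = shlex.split(line)
            # Keep only unconditional rules ("-A CHAIN -j TARGET ...").
            if tok[2:3] == ["-j"] and len(tok) > 3:
                jumps.setdefault(tok[1], []).append(tok[3])
    return policies, jumps

def fallthrough(policies, jumps, chain, seen=()):
    """Verdict for a packet that matches none of the conditional rules."""
    for target in jumps.get(chain, []):
        if target in TERMINAL:
            return target
        if target == "RETURN":
            break
        if target in policies and target not in seen:
            verdict = fallthrough(policies, jumps, target, seen + (chain,))
            if verdict:
                return verdict                 # else the user chain returned
    policy = policies.get(chain, "-")
    return None if policy == "-" else policy   # built-in chains end in policy

def audit(text, chain="FORWARD"):
    return fallthrough(*parse_filter(text), chain)

# Excerpt of the filter table reported on this page (two of the ~1000 users).
REPORTED = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -s 80.69.200.20/255.255.255.255 -m mac --mac-source 00:04:62:5D:07:3D -j ACCEPT
-A RH-Firewall-1-INPUT -s 80.69.200.21/255.255.255.255 -m mac --mac-source 00:04:BA:D0:00:AC -j ACCEPT
COMMIT"""
# Constructed variant (assumption, not from the page): a final catch-all DROP.
FIXED = REPORTED.replace("COMMIT", "-A RH-Firewall-1-INPUT -j DROP\nCOMMIT")
print("reported:", audit(REPORTED), "| with catch-all:", audit(FIXED))
```

With the reported rules, a packet whose IP/MAC pair matches no ACCEPT rule returns from RH-Firewall-1-INPUT and is accepted by the FORWARD policy. The constructed catch-all only demonstrates the changed verdict; a working gateway ruleset also needs rules for return traffic and for the gateway's own INPUT.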
