The relationship between iptables rules (rule order)
iptables rules are evaluated in order from top to bottom, and the first rule that matches a packet decides its fate.
Therefore, when adding rules, add them by editing the rules file (/etc/sysconfig/iptables) so that you can control their order.
Machine A:
[root@www ~]# netstat -an | grep 6100
tcp        0      0 0.0.0.0:6100            0.0.0.0:*               LISTEN
tcp        0      0 192.168.5.140:6100      192.168.4.199:60194     ESTABLISHED
tcp        0      0 192.168.5.140:6100      192.168.4.199:60196     ESTABLISHED
tcp        0      0 192.168.5.140:6100      192.168.4.199:60193     ESTABLISHED
tcp        0      0 192.168.5.140:6100      192.168.4.199:60195     ESTABLISHED
However:
Machine B:
[root@www ~]# telnet 192.168.5.140 5432
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is '^]'.
^C
Connection closed by foreign host.
The reason is:
[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Note: the problem is that this REJECT rule matches every packet first, so the following rule is never reached.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
So the adjustment is as follows:
[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
In this case:
[root@www ~]# telnet 192.168.5.140 6100
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is '^]'.
Connection closed by foreign host.
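As an added illustration (not part of the original post), the following Python models the first-match-wins evaluation described above on the two rule orderings from the text, and flags a rule that can never fire because an earlier catch-all rule shadows it. It parses only the handful of iptables-save options that appear on this page; the sample rule lists are constructed from the file contents shown.

```python
import shlex
from dataclasses import dataclass
# Constructed sample rule sets: the two orderings of /etc/sysconfig/iptables shown in the text.
BROKEN_ORDER = ["-A INPUT -j REJECT --reject-with icmp-host-prohibited",
                "-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT"]
FIXED_ORDER = list(reversed(BROKEN_ORDER))

@dataclass
class Rule:
    chain: str
    target: str = None
    proto: str = None          # None means "any protocol"
    dport: int = None          # None means "any destination port"
    states: frozenset = None   # None means "any conntrack state"

def parse_rules(lines):
    """Parse the subset of iptables-save syntax used on the page (-A, -p, -m, --state, --dport, -j)."""
    rules = []
    for line in lines:
        tok = shlex.split(line)
        if not tok or tok[0] != "-A": continue
        rule, i = Rule(chain=tok[1]), 2
        while i < len(tok):
            opt, arg = tok[i], tok[i + 1]
            if opt == "-p": rule.proto = arg
            elif opt == "--dport": rule.dport = int(arg)
            elif opt == "--state": rule.states = frozenset(arg.split(","))
            elif opt == "-j": rule.target = arg
            elif opt not in ("-m", "--reject-with"):  # module names and target options do not select packets
                raise ValueError(f"unsupported option {opt!r}")
            i += 2
        rules.append(rule)
    return rules

def covers(general, specific):
    """True if every packet matched by `specific` is also matched by `general`."""
    return ((general.proto is None or general.proto == specific.proto)
            and (general.dport is None or general.dport == specific.dport)
            and (general.states is None or (specific.states is not None and specific.states <= general.states)))

def verdict(rules, chain, proto, dport, state):
    """First match wins: walk the chain top to bottom and return (target, index) of the first rule that hits."""
    probe = Rule(chain=chain, proto=proto, dport=dport, states=frozenset([state]))
    for idx, rule in enumerate(rules):
        if rule.chain == chain and covers(rule, probe):
            return rule.target, idx
    return "POLICY", None  # nothing matched; the chain's default policy applies

def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule in the same chain covers them."""
    return [j for j, later in enumerate(rules)
            if any(e.chain == later.chain and covers(e, later) for e in rules[:j])]
```

Running `shadowed_rules(parse_rules(BROKEN_ORDER))` reports index 1 (the ACCEPT for port 6100), while the fixed ordering reports none and a new TCP connection to port 6100 gets the ACCEPT verdict.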