I’m pretty sure the commands are right but my understanding of IPTables must be wrong because it’s not doing what I expect.
For troubleshooting this is what I have:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N LOGGING
-A INPUT -p tcp -m tcp --dport 80 -m string --string vm1.mydomain.com --algo bm -j LOGGING
-A INPUT -p tcp -m tcp --dport 80 -j REJECT
-A LOGGING -m limit --limit 20/min -j LOG --log-prefix "IPTables-Passed-4:"
-A LOGGING -j ACCEPT
When I change it to this:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N LOGGING
-A INPUT -p tcp -m tcp --dport 80 -m string --string vm1.mydomain.com --algo bm -j LOGGING
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A LOGGING -m limit --limit 20/min -j LOG --log-prefix "IPTables-Passed-4:"
-A LOGGING -j ACCEPT
Why does the string matching work when set to accept all but not when set to reject?
Shouldn’t it match the first line of input, be moved to the logging chain, logged and then accepted? Shouldn’t the second input rule have no effect on it?
Where is my logic wrong?
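To make the packet-by-packet behaviour of the two rulesets concrete, here is an added example (not from the original post or from any iptables source) that models netfilter walking the poster's INPUT and LOGGING chains. The `-m string` match only inspects a packet's payload, and the first inbound packet of a TCP connection, the SYN, carries no payload, so the model sends a SYN, the handshake ACK, and then the HTTP request, and stops as soon as a packet is not accepted. The `Packet`, `Rule`, `Firewall`, `build` and `http_session` names, the constructed client packets, and the log line format are assumptions of this model; the `-m limit` rate limit is ignored.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    """One inbound packet as seen by the INPUT chain (constructed sample data)."""
    flags: str
    dport: int
    payload: bytes = b""  # a TCP SYN and the handshake ACK carry no payload


@dataclass
class Rule:
    """A simplified -A rule: optional --dport and -m string matches, then a target."""
    target: str                     # ACCEPT / REJECT / LOG / name of a user chain
    dport: Optional[int] = None
    string: Optional[bytes] = None  # -m string --string ... (searches payload only)

    def matches(self, pkt: Packet) -> bool:
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.string is not None and self.string not in pkt.payload:
            return False
        return True


class Firewall:
    """Hypothetical model of chain traversal: first terminating target wins."""

    def __init__(self, policies: Dict[str, str], chains: Dict[str, List[Rule]]):
        self.policies = policies
        self.chains = chains
        self.logged: List[str] = []  # what -j LOG would have written

    def verdict(self, chain: str, pkt: Packet) -> str:
        """Walk one chain top to bottom; return the first terminating verdict."""
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target == "LOG":
                self.logged.append(f"IPTables-Passed-4: {pkt.flags} dport={pkt.dport}")
                continue  # LOG is non-terminating: keep walking the chain
            if rule.target in ("ACCEPT", "REJECT", "DROP"):
                return rule.target
            sub = self.verdict(rule.target, pkt)  # -j <user-defined chain>
            if sub != "RETURN":
                return sub
        # End of chain: built-in chains apply their policy, user chains return.
        return self.policies.get(chain, "RETURN")


def build(second_rule_target: str) -> Firewall:
    """The poster's ruleset; second_rule_target is REJECT (first) or ACCEPT (second)."""
    return Firewall(
        policies={"INPUT": "DROP", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"},
        chains={
            "INPUT": [
                Rule(target="LOGGING", dport=80, string=b"vm1.mydomain.com"),
                Rule(target=second_rule_target, dport=80),
            ],
            "LOGGING": [Rule(target="LOG"), Rule(target="ACCEPT")],
        },
    )


def http_session(fw: Firewall, host: bytes) -> List[Tuple[str, str]]:
    """Constructed client: SYN, handshake ACK, then the HTTP request carrying the
    Host header. The client only sends the next packet if the previous one was
    accepted, since a rejected SYN means the handshake never completes."""
    trace: List[Tuple[str, str]] = []
    packets = [
        Packet("SYN", 80),
        Packet("ACK", 80),
        Packet("PSH,ACK", 80, b"GET / HTTP/1.1\r\nHost: " + host + b"\r\n\r\n"),
    ]
    for pkt in packets:
        v = fw.verdict("INPUT", pkt)
        trace.append((pkt.flags, v))
        if v != "ACCEPT":
            break  # handshake packet refused: the request is never sent
    return trace


if __name__ == "__main__":
    for target in ("REJECT", "ACCEPT"):
        fw = build(target)
        print(target, http_session(fw, b"vm1.mydomain.com"), fw.logged)
```

Running it prints the REJECT ruleset stopping at `[('SYN', 'REJECT')]` with nothing logged, because the payload-less SYN cannot satisfy the string match and falls through to the second rule, while the ACCEPT ruleset lets the handshake through and only then sees the request that contains the string and jumps to LOGGING.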