Linux – iptables block port range with single port exception

firewall, iptables, linux

I've two rules. The first blocks all ports in a range:

-A INPUT -m state --state NEW -m tcp -p tcp --match multiport --dports 200:65535 -j DROP

and the second opens one port in this range:

-A INPUT -i eth0 -p tcp --dport 5901 -m state --state NEW,ESTABLISHED -j ACCEPT

but it doesn't work. Does anyone know why?

Best Answer

IIRC iptables rules are order dependent: if the first rule matches, it won't parse any more. Reverse the order and you should achieve what you're trying to do.

Extension: it is not always so; some rules (e.g. -j LOG) allow packet processing to go further. But the common ACCEPT, REJECT, etc. rules don't. Best if you see iptables as if it were a procedural programming language: rules are tried for a match and executed linearly, in order.
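Added example (not from the question or the answer): the two rules from the question in both orders, plus a small first-match walker that mimics how iptables traverses a chain, so the effect of rule order can be checked without touching a live firewall. Only the --dport/--dports match is modelled; the state and interface matches are assumed to succeed, and the iptables-restore command at the end is a suggested way to load the fixed order.

```shell
# Order as posted in the question: the range DROP is evaluated first.
AS_POSTED='-A INPUT -m state --state NEW -m tcp -p tcp --match multiport --dports 200:65535 -j DROP
-A INPUT -i eth0 -p tcp --dport 5901 -m state --state NEW,ESTABLISHED -j ACCEPT'

# Reversed order, as the answer suggests: the single-port exception is tried first.
FIXED='-A INPUT -i eth0 -p tcp --dport 5901 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --match multiport --dports 200:65535 -j DROP'

# verdict_for PORT RULES: walk RULES top to bottom and print the target (-j) of the
# first rule whose --dport / --dports covers PORT. Later rules are never consulted,
# which is exactly the first-match behaviour the answer describes. If no rule
# matches, the chain's default POLICY applies.
verdict_for() {
  port=$1
  while IFS= read -r rule; do
    [ -z "$rule" ] && continue
    # Extract "N" or "LOW:HIGH" after --dport or --dports
    spec=$(printf '%s\n' "$rule" | sed -n 's/.*--dports\{0,1\} \([0-9:]*\).*/\1/p')
    [ -z "$spec" ] && continue
    low=${spec%%:*}; high=${spec##*:}   # a single port gives low == high
    if [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; then
      printf '%s\n' "${rule##*-j }"
      return 0
    fi
  done <<EOF
$2
EOF
  printf 'POLICY\n'
}

# Loading the fixed order into the running firewall (assumed invocation):
#   printf '*filter\n%s\nCOMMIT\n' "$FIXED" | iptables-restore -n
```

Running `verdict_for 5901 "$AS_POSTED"` prints DROP, while `verdict_for 5901 "$FIXED"` prints ACCEPT; port 8080 is dropped in both orders and port 22 falls through to the chain policy.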