My rc.local is as under:
The thing is when I use the DROP with INPUT it runs without any error but doesnt allow me to access my linux box from allowed ip+mac:#!/bin/bash
#
touch /var/lock/subsys/local
modprobe iptable_nat
#
####################################################
#-> Flush all the rules in the filter and nat tables.
####################################################
#
#
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -X
/sbin/iptables -N MAC
/sbin/iptables -F MAC
#
#
#####################################
#-> INPUT, FORWARD and OUTPUT chains.
#####################################
#
#
/sbin/iptables -F INPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F OUTPUT
#------------------------------
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
#
#
#####################
#-> Accept Loopback #
#####################
#
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
#
#
#
###############################################################
#-> Enable IP Forwarding and Network Address Translation.
###############################################################
#
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 222.222.0.0/16 -j SNAT --to 203.170.76.121
/sbin/iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
#
#################
#-> SSH & Telnet Connection
#################
#
#/sbin/iptables -A MAC -i eth1 -p tcp --dport 22 -j ACCEPT
#/sbin/iptables -A MAC -i eth1 -p tcp --dport 23 -j ACCEPT
#
#######################
# Restrictions
#######################
#
/sbin/iptables -I FORWARD -d 64.245.58.0/23 -j DROP
/sbin/iptables -I FORWARD -p TCP --dport 6346 -j DROP
/sbin/iptables -I FORWARD -p TCP --dport 4661 -j DROP
/sbin/iptables -I FORWARD -p TCP --dport 4662 -j DROP
/sbin/iptables -I FORWARD -p UDP --dport 4661 -j DROP
/sbin/iptables -I FORWARD -p TCP --dport 1214 -j DROP
/sbin/iptables -I FORWARD -p UDP --dport 1214 -j DROP
/sbin/iptables -I FORWARD -d 213.248.112.0/24 -j DROP
/sbin/iptables -I FORWARD -d 206.142.53.0/24 -j DROP
/sbin/iptables -I FORWARD -d 209.25.178.0/24 -j DROP
/sbin/iptables -I FORWARD -d 64.124.41.0/24 -j DROP
/sbin/iptables -I FORWARD -d 209.61.186.0/24 -j DROP
/sbin/iptables -I FORWARD -d 64.49.201.0/24 -j DROP
/sbin/iptables -I FORWARD -d 216.35.208.0/24 -j DROP
/sbin/iptables -I FORWARD -p UDP --dport 9898 -j DROP
/sbin/iptables -I FORWARD -p UDP --dport 5190:5193 -j DROP
/sbin/iptables -I FORWARD -d login.oscar.aol.com -j DROP
/sbin/iptables -I FORWARD -d login.icq.com -j DROP
/sbin/iptables -I FORWARD -p UDP --dport 5222:5223 -j DROP
/sbin/iptables -I FORWARD -p UDP --dport 5000:5010 -j DROP
/sbin/iptables -I FORWARD -p TCP --dport 6681:6900 -j DROP
#
##############
#-> DNS Queries.
##############
#
/sbin/iptables -A MAC -s 222.222.0.0/16 -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A MAC -s 222.222.0.0/16 -p udp --dport 53 -j ACCEPT
#
#
#####################
##---> Bind MAC with IP <---##
#####################
#
#
for allowuser in `cat /etc/allow.user`
do
ip=`echo $allowuser |cut -d"|" -f1`
mac=`echo $allowuser |cut -d"|" -f2`
echo Allowed $ip $mac
/sbin/iptables -A MAC -i eth0 -s $ip -p all -m mac --mac-source $mac -j ACCEPT
done
#
#
#######################################
#-> Jump INPUT & FORWARD rules to MAC.
#######################################
#
/sbin/iptables -A INPUT -p all -j MAC
/sbin/iptables -A FORWARD -p all -j MAC
#
#
##########################
#-> DROP everything else.
##########################
#
/sbin/iptables -A MAC -i eth0 -p all -j DROP
#
#
#-------------------------
Can you check my rc.local above and reflect?/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
Regards,
Muhammad Asif Iqbal