iptables allow from IP is allowing anyone
Posted on 2014-11-18
I'm confused about (CentOS) iptables.
I have rules which are supposed to only allow my network into a remote host for certain ports, yet I've found that I can access those ports from other networks.
For example, I have ssh blocked to only my own network, yet I can reach the ssh port from other networks.
Drop If source is x.x.73.0/24
Drop If source is x.x.74.0/24
Accept If state of connection is RELATED,ESTABLISHED
Accept If protocol is ICMP
Accept If input interface is lo
Accept If protocol is TCP and destination port is 80 and state of connection is NEW
Accept If protocol is TCP and destination port is 443 and state of connection is NEW
Accept If protocol is TCP and source is 126.96.36.199/32 and destination port is 22 and state of connection is NEW
The Drop section works just fine but the Accept section allows any IP to connect.
What am I missing here???
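The rule list as posted has no final entry for traffic that matches none of the rules, so what happens to an SSH connection from another network depends on the INPUT chain policy, which the post does not show. The following added example (not part of the original post) audits `iptables -S INPUT` output for that fall-through case; the sample ruleset is constructed to mirror the list, with documentation addresses and an assumed ACCEPT policy.

```shell
# Constructed sample in `iptables -S INPUT` format, mirroring the post's list.
# Addresses are documentation ranges; the ACCEPT policy is an assumption.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT'

# Print OPEN if packets matching no rule are accepted, CLOSED if they are
# dropped or rejected, UNKNOWN if the input carries no policy line.
audit_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # A rule with no match options ("-A INPUT -j X") catches everything.
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && verdict == "" {
            if ($4 == "DROP" || $4 == "REJECT") verdict = "CLOSED"
            else if ($4 == "ACCEPT") verdict = "OPEN"
        }
        END {
            if (verdict == "" && policy == "ACCEPT") verdict = "OPEN"
            else if (verdict == "" && policy != "") verdict = "CLOSED"
            else if (verdict == "") verdict = "UNKNOWN"
            print verdict
        }'
}

# List "dport source" for ACCEPT rules that name a source address; on an
# OPEN chain these restrictions do not keep other sources out.
restricted_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            src = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && src != "" && dport != "") print dport, src
        }'
}

verdict=$(printf '%s\n' "$SAMPLE_RULES" | audit_input_chain)
echo "fall-through: $verdict"
if [ "$verdict" = "OPEN" ]; then printf '%s\n' "$SAMPLE_RULES" | restricted_ports; fi
```

On a live host, pipe the real ruleset in with `iptables -S INPUT | audit_input_chain`; an OPEN result means the source-restricted ACCEPT rules listed by `restricted_ports` are not what decides access.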