Questions to Determine

  • What is the full iptables INPUT chain with rule numbers and packet counters?
  • Is there an earlier rule in the chain that matches the same traffic and DROPs or REJECTs it before the ACCEPT rule is reached?
  • What is the order of rules in the INPUT chain, and where does the new ACCEPT rule appear?
  • Are the packet counters on the ACCEPT rule incrementing, or is a prior rule catching the traffic first?
  • Is there a broad deny rule (e.g., DROP all traffic to high ports, or DROP from certain subnets) earlier in the chain?
  • Was the rule appended (-A) when it should have been inserted (-I) at a specific position?
  • Is the default policy of the INPUT chain ACCEPT or DROP?
  • Are there any rules in other tables (raw, mangle, nat) that could affect this traffic?
  • Does the rule match the correct protocol, port, and source address?
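
One way to answer the ordering and counter questions mechanically, as an added example that is not part of the original checklist: the script parses a listing from `iptables -L INPUT -n -v --line-numbers` and reports each ACCEPT rule that an earlier DROP or REJECT rule already covers. The listing and the function names (`parse_chain`, `covers`, `shadowed_accepts`) are constructed for illustration. The comparison assumes every rule has a target and no negated (`!`) matches, and looks only at protocol, input interface, source, destination and destination port.

```python
import ipaddress
import re

# Constructed sample of `iptables -L INPUT -n -v --line-numbers` output.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1520  128K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2      310 18600 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1024:65535
3       42  2520 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4        0     0 ACCEPT     tcp  --  *      *       192.0.2.0/24         0.0.0.0/0            tcp dpt:8443
"""
KNOWN = r"\b(tcp|udp)\b|dpts?:\S+|reject-with \S+"  # extras compared or harmless
PROTO = {"0": "all", "6": "tcp", "17": "udp"}  # protocol may be printed as a number

def parse_chain(text):
    """Return (default_policy, rules) from a verbose, numbered chain listing."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].isdigit():
            continue  # chain header, column header or blank line
        extra = " ".join(f[10:])
        m = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
        lo, hi = (int(m[1]), int(m[2] or m[1])) if m else (0, 65535)
        rules.append({"num": int(f[0]), "pkts": f[1], "target": f[3],
                      "proto": PROTO.get(f[4], f[4]), "in": f[6],
                      "src": ipaddress.ip_network(f[8]),
                      "dst": ipaddress.ip_network(f[9]), "lo": lo, "hi": hi,
                      "other": re.sub(KNOWN, "", extra).strip()})
    return re.search(r"\(policy (\w+)", text).group(1), rules

def covers(early, late):
    """True if every packet matching `late` also matches `early`."""
    return (early["proto"] in ("all", late["proto"])
            and early["in"] in ("*", late["in"])
            and late["src"].subnet_of(early["src"])
            and late["dst"].subnet_of(early["dst"])
            and early["lo"] <= late["lo"] and late["hi"] <= early["hi"]
            and not early["other"])  # unknown extra match: do not claim coverage

def shadowed_accepts(rules):
    """Map each ACCEPT rule number to the first earlier DROP/REJECT covering it."""
    hits = {}
    for i, rule in enumerate(rules):
        blockers = [e["num"] for e in rules[:i]
                    if e["target"] in ("DROP", "REJECT") and covers(e, rule)]
        if rule["target"] == "ACCEPT" and blockers:
            hits[rule["num"]] = blockers[0]
    return hits
```

On the sample, rule 4 (appended after the high-port DROP, counters at zero) is reported as covered by rule 2; on a live host, pass the command's output to `parse_chain` in place of `SAMPLE`.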