Basic iptables question

 
 
David Yowell
      08-01-2003, 09:12 PM
Using the "Security Level" tool in the System Settings menu in Redhat
9 to set security level to "High" sets the very first rule for the
iptables INPUT chain to:

target prot opt source destination
ACCEPT all -- anywhere anywhere

From what I understand of iptables, after the first match it quits
processing rules. Wouldn't this let ALL traffic through? Why would
any of the following REJECT rules that get set up be processed?

-David Yowell
 
/dev/rob0
      08-01-2003, 10:46 PM
In article <(E-Mail Removed)>, David Yowell wrote:
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> From what I understand of iptables, after the first match it quits
> processing rules. Wouldn't this let ALL traffic through? Why would
> any of the following REJECT rules that get set up be processed?

Your GUI is hiding details from you. You're looking at the useless
output of "iptables -L". Try "iptables -vnL" or "iptables-save" to see
more useful output.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
 
 
James Knott
      08-02-2003, 02:27 AM
David Yowell wrote:

> From what I understand of iptables, after the first match it quits
> processing rules. Wouldn't this let ALL traffic through? Why would
> any of the following REJECT rules that get set up be processed?

No. The default policy is to drop all. So if a specific match is not
found, the traffic will be dropped.

Imagine the following.

Allow green cars through
Allow blue cars through
Stop all cars.

A green car will match on the 1st rule and will be allowed to pass. A blue
car will not match the 1st rule, but it will match the 2nd and will pass. A
red car will not match on the 1st or 2nd rule and will be blocked by the
3rd. In this example, you specify all the colours you want to pass. All
others are blocked.


--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.
 
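
An added example, not code from the thread or from Red Hat's tool: a small Python model of how an INPUT chain is walked, showing both points made in the replies, that the first matching rule decides and unmatched packets fall through to the chain policy, and that plain "iptables -L" hides the interface match that can make a first ACCEPT rule much narrower than it looks. The rule set, and the assumption that the poster's first rule was a loopback (-i lo) rule, are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    """One rule of an iptables chain (only the fields needed here)."""
    target: str                      # ACCEPT, REJECT or DROP
    proto: str = "all"               # "all", "tcp", "udp", ...
    in_iface: Optional[str] = None   # None: no -i given, any interface
    dport: Optional[int] = None      # None: any destination port

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "all" or self.proto == pkt["proto"])
                and (self.in_iface is None or self.in_iface == pkt["iface"])
                and (self.dport is None or self.dport == pkt.get("dport")))

    def as_L(self) -> str:
        # What plain "iptables -L" prints: no interface column at all.
        return f"{self.target:<7} {self.proto:<4} -- anywhere anywhere"

    def as_vnL(self) -> str:
        # What "iptables -vnL" adds: the in-interface ('*' means any)
        # and numeric addresses instead of "anywhere".
        iface = self.in_iface or "*"
        port = f" dpt:{self.dport}" if self.dport else ""
        return f"{self.target:<7} {self.proto:<4} -- {iface:<4} * 0.0.0.0/0 0.0.0.0/0{port}"


def evaluate(chain: List[Rule], policy: str, pkt: dict) -> str:
    """First matching rule decides; a packet matching nothing gets the policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# Constructed rule set: loopback accepted first, then ssh, then reject the rest.
# Assumption, not taken from the thread: the poster's first rule was "-i lo".
INPUT = [
    Rule("ACCEPT", in_iface="lo"),
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("REJECT"),
]

if __name__ == "__main__":
    for r in INPUT:
        print(f"{r.as_L():<36} | {r.as_vnL()}")
    print(evaluate(INPUT, "DROP", {"proto": "tcp", "iface": "eth0", "dport": 80}))
```

With "-L" the first and last rules print identically apart from the target, which is exactly the confusion in the original question; "-vnL" shows the "lo" that limits the first rule.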
 
David Yowell
      08-02-2003, 02:49 AM
> Your GUI is hiding details from you. You're looking at the useless
> output of "iptables -L". Try "iptables -vnL" or "iptables-save" to see
> more useful output.


Thank you! That clears up EVERYTHING.
 