Re: iptables forward policy




On 25.08.2012 18:47, Juan Diego Tascón wrote:
> Good day,
>
> I'm currently configuring a router. I'm setting the default policies
> to DROP in the INPUT, OUTPUT and FORWARD chains. I'm thinking of
> setting the default FORWARD policy to ACCEPT as my default INPUT
> policy is DROP and unless there is a valid FORWARD rule for a given
> port the packets won't go anywhere. Am I right on this? Or could
> someone deliberately set up a packet to be forwarded from my router to
> my LAN? All I could find on Google was one similar question with no
> answer :(

FORWARD and INPUT are completely different.
INPUT is for packets that are in the end destined for the host (i.e. routed to the host).

FORWARD is for packets that are only forwarded by the host; the packets will not go through the INPUT chain.

In a normal routed network this depends on the destination IP of the packet, but if you DNAT the packets in the PREROUTING chain of the nat table, the destination IP will change.


--
дамјан
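
The chain selection described in the reply above, as an added example that is not part of the original message: a simplified Python model of the routing decision showing that the INPUT policy never sees a forwarded packet. The addresses, the rule format and the function names are assumptions made for illustration; conntrack, interfaces and protocol matching are left out.

```python
# Added example: simplified model of the path a packet takes through netfilter.
# Addresses and rules are constructed; conntrack, interfaces and protocol
# matching are deliberately left out.
from ipaddress import ip_address

ROUTER_ADDRS = {ip_address("203.0.113.1"), ip_address("192.168.1.1")}  # constructed

def traverse(pkt, policies, rules=None, dnat=None):
    """Return (chain, verdict, final_dst) for a packet arriving at the router.

    pkt      -- {"dst": str, "dport": int}
    policies -- {"INPUT": "DROP" | "ACCEPT", "FORWARD": ...}
    rules    -- {chain: [(dst or None, dport or None, verdict), ...]}
    dnat     -- {(dst, dport): new_dst}, applied in nat/PREROUTING
    """
    rules, dnat = rules or {}, dnat or {}
    dst = ip_address(pkt["dst"])
    # nat/PREROUTING runs before the routing decision, so DNAT can turn a
    # packet addressed to the router into one that must be forwarded.
    rewritten = dnat.get((str(dst), pkt["dport"]))
    if rewritten:
        dst = ip_address(rewritten)
    # Routing decision: local address -> INPUT, anything else -> FORWARD.
    chain = "INPUT" if dst in ROUTER_ADDRS else "FORWARD"
    # First matching rule wins; otherwise the chain policy applies.
    for r_dst, r_dport, verdict in rules.get(chain, []):
        if r_dst in (None, str(dst)) and r_dport in (None, pkt["dport"]):
            return chain, verdict, str(dst)
    return chain, policies[chain], str(dst)

def compare_policies():
    """Same three packets under FORWARD ACCEPT and under FORWARD DROP + one allow rule."""
    dnat = {("203.0.113.1", 80): "192.168.1.10"}          # constructed port forward
    allow = {"FORWARD": [("192.168.1.10", 80, "ACCEPT")]}  # only the published service
    packets = [{"dst": "203.0.113.1", "dport": 22},    # to the router itself
               {"dst": "192.168.1.50", "dport": 22},   # routed towards a LAN host
               {"dst": "203.0.113.1", "dport": 80}]    # hits the DNAT rule
    loose = {"INPUT": "DROP", "FORWARD": "ACCEPT"}
    strict = {"INPUT": "DROP", "FORWARD": "DROP"}
    return ([traverse(p, loose, dnat=dnat) for p in packets],
            [traverse(p, strict, allow, dnat) for p in packets])

if __name__ == "__main__":
    for label, results in zip(("FORWARD ACCEPT", "FORWARD DROP"), compare_policies()):
        print(label, results)
```

With FORWARD set to DROP, only the DNATed service has a matching FORWARD rule, so the packet routed towards the other LAN host is dropped while the router's own INPUT verdict is unchanged.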

