filter parsing

Can anyone tell me if I've got this right? I've read through the docs and think it works like this, but it's still a bit cloudy, so I'd like confirmation before I try it and find out I've just blocked myself from the box until I can get physical access to it again.

Will iptables always check the rules in the order they are entered? E.g. if I set up the following in the exact sequence as below...

[default policy: ACCEPT]
-A INPUT -p tcp --syn --dport 22 -j ACCEPT
-A INPUT -p tcp --syn --dport 8880 -j ACCEPT
-A INPUT -p tcp --syn --dport 0:60000 -j DROP

Will this ignore all connection requests apart from ports 22 and 8880?

Is there any other way of doing this? (Perhaps more efficient, for example.) I'd like all other types of packets to go through normally, and just kill off the connection attempts.
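
The following is an added example, not part of the original post or of netfilter itself. It models the first-match evaluation iptables applies when walking a chain (top to bottom, first matching rule decides, no match falls through to the chain policy) and runs the three rules from the question through it against a few constructed packets. It assumes the rules are written with iptables' actual option spelling (`--dport`, and the built-in chain name `INPUT` in upper case); the packet dicts are constructed samples, not captured traffic, and only the match options used in the question are modelled.

```python
"""Simulate iptables first-match evaluation for a small INPUT chain.

Added example, not from the original post: it models only the matches used
in the question (-p tcp, --syn, --dport with a single port or a lo:hi range)
so the effect of rule ordering can be checked without touching a live box.
"""
import re
from dataclasses import dataclass
from typing import Optional

RULE_RE = re.compile(
    r"^-A\s+(?P<chain>\S+)"
    r"(?:\s+-p\s+(?P<proto>\S+))?"
    r"(?P<syn>\s+--syn)?"
    r"(?:\s+--dport\s+(?P<dport>\d+(?::\d+)?))?"
    r"\s+-j\s+(?P<target>ACCEPT|DROP|REJECT)\s*$"
)


@dataclass
class Rule:
    chain: str
    proto: Optional[str]
    syn: bool
    dport: Optional[tuple]   # (lo, hi) inclusive, or None
    target: str

    def matches(self, pkt: dict) -> bool:
        # Every match option on the rule must hold for the packet.
        if self.proto and pkt["proto"] != self.proto:
            return False
        # --syn means SYN set and ACK clear: a new connection attempt only.
        if self.syn and not (pkt.get("syn") and not pkt.get("ack")):
            return False
        if self.dport is not None:
            lo, hi = self.dport
            if not lo <= pkt.get("dport", -1) <= hi:
                return False
        return True


def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    dport = None
    if m["dport"]:
        parts = m["dport"].split(":")
        lo = int(parts[0])
        hi = int(parts[1]) if len(parts) > 1 else lo
        dport = (lo, hi)
    return Rule(m["chain"], m["proto"], bool(m["syn"]), dport, m["target"])


def verdict(rules: list, pkt: dict, policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first rule that matches decides.
    A packet matching no rule falls through to the chain policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


# The ruleset from the question, with iptables' actual option spelling.
QUESTION_RULES = [parse_rule(l) for l in [
    "-A INPUT -p tcp --syn --dport 22 -j ACCEPT",
    "-A INPUT -p tcp --syn --dport 8880 -j ACCEPT",
    "-A INPUT -p tcp --syn --dport 0:60000 -j DROP",
]]

# Constructed sample packets (not captured traffic).
SYN_22 = {"proto": "tcp", "dport": 22, "syn": True, "ack": False}
SYN_8880 = {"proto": "tcp", "dport": 8880, "syn": True, "ack": False}
SYN_80 = {"proto": "tcp", "dport": 80, "syn": True, "ack": False}
ACK_80 = {"proto": "tcp", "dport": 80, "syn": False, "ack": True}      # mid-connection
SYN_61000 = {"proto": "tcp", "dport": 61000, "syn": True, "ack": False}  # above 0:60000
UDP_53 = {"proto": "udp", "dport": 53}


def question_verdicts() -> dict:
    """Verdict for each sample packet under the question's ruleset."""
    return {name: verdict(QUESTION_RULES, pkt) for name, pkt in [
        ("syn_22", SYN_22), ("syn_8880", SYN_8880), ("syn_80", SYN_80),
        ("ack_80", ACK_80), ("syn_61000", SYN_61000), ("udp_53", UDP_53)]}


def reordered_verdict_for_ssh() -> str:
    """Same three rules with the DROP placed first: order is what decides."""
    reordered = [QUESTION_RULES[2], QUESTION_RULES[0], QUESTION_RULES[1]]
    return verdict(reordered, SYN_22)


if __name__ == "__main__":
    for name, v in question_verdicts().items():
        print(f"{name:10s} -> {v}")
    print("SSH SYN with DROP rule first ->", reordered_verdict_for_ssh())
```

Two things the run makes visible that the rules alone do not: a non-SYN segment (the `ack_80` sample) and any non-TCP packet never match a `--syn` rule and so reach the ACCEPT policy, which is the "other packets go through normally" behaviour asked for; and because the DROP rule covers only `0:60000`, a connection attempt to a port above 60000 also falls through to the policy, so a range that stops short of 65535 leaves a gap the author may not intend. Moving the DROP rule above the two ACCEPT rules makes the SSH attempt drop, which is exactly the lock-out the post is worried about.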
