On Thursday 10 April 2003 10:06, Payal Rathod wrote:
> Hi,
> I am trying to clear some of my basics. I am reading the IP-Masquerading HOWTO.
> In it these things were mentioned:
>
> UNIVERSE="0.0.0.0/0"
> $IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
>
> What exactly does 0.0.0.0/0 mean? And why should we be concerned with
> it? And what is the use of the rule given after it?
>

0.0.0.0/0 means everybody! The rule is saying that everything from and to the localhost should be accepted - in general a very good thing, unless you know what you are doing!

> INTNET="192.168.1.0/24"
> INTIP="192.168.1.1/24"
>
> The first one means the entire network of 192.168.1.x? What exactly is
> the second one? Does it just mean 192.168.1.1? Then why "/24"?
> And lastly,
>

192.168.1.0/24 means: everything from 192.168.1.0 to 192.168.1.255. The /24 is part of the mask, read http://www.netfilter.org/documentation/HOWTO//networking-concepts-HOWTO.txt.

> $IPTABLES -N drop-and-log-it
> $IPTABLES -A drop-and-log-it -j DROP
>
> Why was this rule made? And why was it "dropped"? What is the logic
> behind this? Shouldn't it be
> $IPTABLES -P drop-and-log-it DROP
>

There is no default chain called drop-and-log-it, which is why you make a custom chain. A better version would be:

$IPTABLES -N drop-and-log-it
$IPTABLES -F drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG
$IPTABLES -A drop-and-log-it -j DROP

The first line creates a new chain (-N) with the name drop-and-log-it. The second line (-F) flushes the new chain in case you already have this chain running. The third line appends a rule which logs everything, and finally the fourth line drops the packets.

/Kim
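As an added illustration of the CIDR notation discussed above (not part of the original thread), the following POSIX shell functions work out what 0.0.0.0/0, 192.168.1.0/24 and 192.168.1.1/24 actually cover, using only shell arithmetic so nothing touches iptables or needs root. The function names (ip2int, int2ip, mask_for, cidr_range, cidr_contains) are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original thread: CIDR arithmetic in plain
# POSIX shell so the HOWTO's notation can be checked without iptables.

# ip2int 192.168.1.1 -> 3232235777 (dotted quad to 32-bit integer)
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int2ip 3232235777 -> 192.168.1.1
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_for 24 -> 4294967040 (0xffffff00). mask_for 0 -> 0: a /0 keeps no
# bits of the address, so it matches every host, i.e. "everybody".
mask_for() {
    echo $(( (0xffffffff << (32 - $1)) & 0xffffffff ))
}

# cidr_range 192.168.1.0/24 -> "192.168.1.0 192.168.1.255"
# cidr_range 192.168.1.1/24 gives the same range: the /24 mask clears the
# host bits, so INTIP="192.168.1.1/24" is host .1 inside the INTNET network.
cidr_range() {
    addr=${1%/*}; prefix=${1#*/}
    mask=$(mask_for "$prefix")
    net=$(( $(ip2int "$addr") & mask ))
    bcast=$(( net | (~mask & 0xffffffff) ))
    echo "$(int2ip "$net") $(int2ip "$bcast")"
}

# cidr_contains NETWORK/PREFIX ADDRESS -> exit status 0 when ADDRESS is inside
cidr_contains() {
    addr=${1%/*}; prefix=${1#*/}
    mask=$(mask_for "$prefix")
    [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Show what the three HOWTO variables cover.
echo "UNIVERSE 0.0.0.0/0      -> $(cidr_range 0.0.0.0/0)"
echo "INTNET   192.168.1.0/24 -> $(cidr_range 192.168.1.0/24)"
echo "INTIP    192.168.1.1/24 -> $(cidr_range 192.168.1.1/24)"
```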