Good afternoon, Alejandro,

On Wed, 26 Nov 2003, Alejandro Cabrera Obed wrote:

> I'm trying to construct my own ruleset of iptables; I'm editing a file
> script.
>
> My question is the following:
>
> Is there any order about CHAINS and TABLES that I have to follow in order to
> construct my iptables ruleset ??? For example, is it the same if firstly I
> write in my script the FORWARD rules and then the OUTPUT and INPUT rules
> or vice versa ???

There isn't a difference in the final outcome, no. However, unless
you're blocking all traffic until the firewall is completely constructed,
the second and third chains you construct will be left unprotected longer
(on the order of 1-5 seconds or so). It's a minor consideration, but I've
seen an attack that sneaked through a firewall as it was being reloaded.

Cheers,
- Bill

---------------------------------------------------------------------------
"Don't say you don't have enough time. You have exactly the same
number of hours per day that were given to Helen Keller, Pasteur,
Michelangelo, Mother Teresa, Leonardo da Vinci, Thomas Jefferson, and
Albert Einstein."
-- H. Jackson Brown
(Courtesy of <drow@xxxxxxxx>)
--------------------------------------------------------------------------
William Stearns (wstearns@xxxxxxxxx). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
Linux articles at: http://www.opensourcedigest.com
--------------------------------------------------------------------------
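
The "block all traffic until the firewall is completely constructed" approach from the reply above, sketched as a script. This is an added example, not part of the original message; the interface names, the sample rules and the dry-run `IPT` default are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run by default: each command is printed instead of executed.
# To apply for real, run as root with IPT=iptables in the environment.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth1}"   # assumed internal interface
WAN_IF="${WAN_IF:-eth0}"   # assumed external interface

# Step 1: default-deny on every built-in filter chain BEFORE touching any
# rules, so no chain is left open while the rest of the script runs.
lockdown() {
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -P "$chain" DROP
    done
}

# Step 2: remove old rules and user chains; the DROP policies stay in force.
flush_rules() {
    $IPT -F
    $IPT -X
}

# Step 3: build the chains. With the policies already at DROP, the order of
# these three functions does not matter for the outcome or for exposure.
build_forward() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
}

build_output() {
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

build_input() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT
}

load_firewall() {
    lockdown
    flush_rules
    build_forward
    build_output
    build_input
}

load_firewall
```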