amna bilal wrote:
Hi, looking for some insight here. What I would like to do is: I have four main tables:

INTERNET_IN
INTERNET_OUT
LAN_IN
LAN_OUT

I have a few filters I want; I named them:

ALLOW_UDP
ALLOW_TCP
DENY_ACCESS

Is it possible to set up iptables to filter down a list, something like this:

iptables -A INTERNET_IN -j ALLOW_UDP
iptables -A INTERNET_IN -j ALLOW_TCP
iptables -A INTERNET_IN -j DENY_ACCESS

What I want to accomplish is that if it doesn't meet a filter in ALLOW_UDP it continues to ALLOW_TCP, then to DENY_ACCESS, then it goes into the system.
Yes, absolutely. And with these very clear chain names, it is easy to follow the logic as well.
OTOH, you could also opt for:

-A INTERNET_IN -p udp -j UDP_IN
-A INTERNET_IN -p tcp -j TCP_IN
-A INTERNET_IN -j DENY_ACCESS

And end both UDP_IN and TCP_IN with a -j DENY_ACCESS. Both work; the second is a bit more efficient.

HTH,
M4
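Added example, not part of the thread: a small Python model of how iptables walks user-defined chains, used to check the point both posts rely on (a packet that reaches the end of a user chain without a verdict returns to the calling chain and continues with the next rule) and to compare the two layouts. The allowed ports and the packet fields are constructed sample data, and the rule counter is a simplification that only counts rule evaluations.

```python
# Added example (not iptables itself): a toy model of chain traversal to check
# the fall-through this thread relies on. A user chain that ends with no verdict
# returns to the calling chain, which continues with its next rule.

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def matches(criteria, pkt):
    """A rule matches when every field it names equals the packet's field."""
    return all(pkt.get(k) == v for k, v in criteria.items())

def traverse(chains, chain, pkt, stats):
    """Walk one chain. Returns a terminating verdict, or None on fall-through."""
    for criteria, target in chains[chain]:
        stats["rules"] += 1  # count one rule evaluation
        if not matches(criteria, pkt):
            continue
        if target in TERMINATING:
            return target
        result = traverse(chains, target, pkt, stats)  # jump to a user chain
        if result is not None:
            return result
        # the user chain fell off its end: carry on with the next rule here
    return None

def verdict(chains, pkt, entry="INTERNET_IN", policy="DROP"):
    """Final verdict for pkt, plus the number of rules evaluated to reach it."""
    stats = {"rules": 0}
    result = traverse(chains, entry, pkt, stats)
    return (result if result is not None else policy), stats["rules"]

# Layout from the question: three filter chains tried one after another.
# Allowed ports (UDP 53, TCP 22 and 80) are constructed sample rules.
FLAT = {
    "INTERNET_IN": [({}, "ALLOW_UDP"), ({}, "ALLOW_TCP"), ({}, "DENY_ACCESS")],
    "ALLOW_UDP": [({"proto": "udp", "dport": 53}, "ACCEPT")],
    "ALLOW_TCP": [({"proto": "tcp", "dport": 22}, "ACCEPT"),
                  ({"proto": "tcp", "dport": 80}, "ACCEPT")],
    "DENY_ACCESS": [({}, "DROP")],
}

# Layout from the reply: dispatch on protocol; each branch ends in DENY_ACCESS.
DISPATCH = {
    "INTERNET_IN": [({"proto": "udp"}, "UDP_IN"), ({"proto": "tcp"}, "TCP_IN"),
                    ({}, "DENY_ACCESS")],
    "UDP_IN": [({"dport": 53}, "ACCEPT"), ({}, "DENY_ACCESS")],
    "TCP_IN": [({"dport": 22}, "ACCEPT"), ({"dport": 80}, "ACCEPT"),
               ({}, "DENY_ACCESS")],
    "DENY_ACCESS": [({}, "DROP")],
}
```

Both layouts give the same verdicts; the dispatch layout reaches them after fewer rule evaluations, which is the efficiency difference mentioned in the reply.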