Re: Iptables rules processing

Hi all,

In iptables, as in many other firewall/access-list programs (like Cisco's),
firewall rules are checked one by one, so in many cases there is a
problem if we do not care about specific requests and forget to
include everything necessary in the firewall rules.

In my opinion, the best place for everything related to iptables is this
mailing list and the following web location:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Best wishes


Elvir Kuric



On 8/3/07, Franck Joncourt <franck.joncourt@xxxxxxxxxx> wrote:
> Hi,
>
> Assuming we have the following two rules in our ruleset:
>
> iptables -A INPUT -s 192.168.10.14 -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -s 192.168.10.14 -p tcp --dport 443 -j ACCEPT
>
> I was wondering whether rules are processed one by one.
> In the two rules above, we have to check the source address
> 192.168.10.14, so I think this is done for the first one, and then for
> the second one. I am not quite sure; can anyone confirm that?
>
> --
> Franck Joncourt
> http://www.debian.org - http://smhteam.info/wiki/
> GPG server : pgpkeys.mit.edu
> Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGs1QOxJBTTnXAif4RAmR0AJ9v7hd+KU7PNzrb5O7hnTQwdVGEvQCgziNX
> NBHg4yEhbaFKlArhH722UE4=
> =capX
> -----END PGP SIGNATURE-----
>
>
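The following is an added example, not code from either poster and not iptables itself: a small Python model of how a filter chain is traversed, first matching rule wins, each rule's match criteria evaluated independently, and the chain policy applied only when nothing matched. It loads Franck's two rules exactly as posted (with a DROP policy on INPUT, an assumption for the example), then shows two consequences of the linear processing Elvir describes: a request the ruleset did not anticipate (port 22 from the same host) falls through both rules to the policy, and a rule inserted at position 1 shadows everything after it. It also shows the standard iptables way of answering Franck's question about repeated source checks, a user-defined chain (`-N WEB`) entered by a single `-s 192.168.10.14 -j WEB` rule, so the source address is compared once instead of once per rule. The chain name `WEB` and the other host `10.0.0.5` are constructed for the example.

```python
"""First-match model of an iptables filter chain (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int


@dataclass
class Rule:
    """One rule; a None field means 'not specified', i.e. matches anything."""
    target: str                          # -j ACCEPT/DROP/RETURN or a user chain
    src: Optional[str] = None            # -s
    proto: Optional[str] = None          # -p
    dports: Optional[FrozenSet[int]] = None  # --dport (or -m multiport --dports)

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or pkt.src == self.src)
                and (self.proto is None or pkt.proto == self.proto)
                and (self.dports is None or pkt.dport in self.dports))


@dataclass
class Chain:
    policy: Optional[str] = None  # built-in chains have -P; user chains fall back to the caller
    rules: List[Rule] = field(default_factory=list)


@dataclass
class Result:
    verdict: str
    rules_evaluated: int   # how many rules were looked at before a decision
    src_compares: int      # how many of them compared the source address


class Ruleset:
    def __init__(self) -> None:
        self.chains: Dict[str, Chain] = {"INPUT": Chain(policy="DROP")}  # iptables -P INPUT DROP
        self._evaluated = 0
        self._src_compares = 0

    def new_chain(self, name: str) -> None:           # iptables -N <name>
        self.chains[name] = Chain()

    def append(self, chain: str, rule: Rule) -> None:  # iptables -A <chain> ...
        self.chains[chain].rules.append(rule)

    def insert(self, chain: str, rule: Rule, num: int = 1) -> None:  # iptables -I <chain> <num> ...
        self.chains[chain].rules.insert(num - 1, rule)

    def _walk(self, name: str, pkt: Packet) -> Optional[str]:
        """Traverse one chain top to bottom; None means 'fell off the end / RETURN'."""
        chain = self.chains[name]
        for rule in chain.rules:
            self._evaluated += 1
            if rule.src is not None:
                self._src_compares += 1
            if not rule.matches(pkt):
                continue                      # no match: fall through to the next rule
            if rule.target in TERMINAL:
                return rule.target            # first terminating match decides
            if rule.target == "RETURN":
                return None
            sub = self._walk(rule.target, pkt)  # jump into a user-defined chain
            if sub is not None:
                return sub                    # user chain decided; otherwise keep going here
        return chain.policy

    def verdict(self, pkt: Packet) -> Result:
        self._evaluated = self._src_compares = 0
        v = self._walk("INPUT", pkt) or self.chains["INPUT"].policy
        return Result(v, self._evaluated, self._src_compares)


def original_ruleset() -> Ruleset:
    """Franck's two rules, as posted."""
    rs = Ruleset()
    rs.append("INPUT", Rule("ACCEPT", src="192.168.10.14", proto="tcp", dports=frozenset({80})))
    rs.append("INPUT", Rule("ACCEPT", src="192.168.10.14", proto="tcp", dports=frozenset({443})))
    return rs


def chained_ruleset() -> Ruleset:
    """Same policy, but the source address is checked once by a jump into a user chain."""
    rs = Ruleset()
    rs.new_chain("WEB")                                        # iptables -N WEB
    rs.append("INPUT", Rule("WEB", src="192.168.10.14"))       # -A INPUT -s 192.168.10.14 -j WEB
    rs.append("WEB", Rule("ACCEPT", proto="tcp", dports=frozenset({80})))
    rs.append("WEB", Rule("ACCEPT", proto="tcp", dports=frozenset({443})))
    return rs


def shadowed_ruleset() -> Ruleset:
    """Original rules with a DROP inserted at position 1: order decides, not specificity."""
    rs = original_ruleset()
    rs.insert("INPUT", Rule("DROP", src="192.168.10.14"), num=1)
    return rs


if __name__ == "__main__":
    for label, rs in (("original", original_ruleset()), ("chained", chained_ruleset()),
                      ("shadowed", shadowed_ruleset())):
        for pkt in (Packet("192.168.10.14", "tcp", 80), Packet("192.168.10.14", "tcp", 443),
                    Packet("192.168.10.14", "tcp", 22), Packet("10.0.0.5", "tcp", 80)):
            print(label, pkt, rs.verdict(pkt))
```

The model confirms Franck's reading: with the two rules as posted, a packet to port 443 has its source address compared twice, once per rule, and a packet to port 22 from that host is compared twice and then dropped by the policy because neither rule was written for it. With the user chain, a packet from any other host is rejected after a single comparison, and the per-port rules are only reached for 192.168.10.14. Real iptables also offers `-m multiport --dports 80,443` to fold the two port rules into one; this model accepts a set of ports for the same reason.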

