Learning iptables

Hi everyone,

I have average-to-good Linux knowledge, but I'm quite a noob when it comes to iptables, so I decided to study it. I'm reading a lot of articles and blogs and testing some rules, and so far it's all going well. Right now I'm running a server with tons of rules written by the admin who worked here before me, and in the policies section of the script I found these rules:

   # Reset: set every policy to ACCEPT, then clear all rules and user chains
   $IPTABLES -P INPUT ACCEPT
   $IPTABLES -P OUTPUT ACCEPT
   $IPTABLES -P FORWARD ACCEPT
   $IPTABLES -F              # flush every rule in the filter table
   $IPTABLES -t nat -F       # flush the nat table
   $IPTABLES -t mangle -F    # flush the mangle table
   $IPTABLES -X              # delete user-defined chains

   # Accept traffic to/from loopback, the LAN address and the Internet address
   $IPTABLES -A INPUT -s $LO_IP -j ACCEPT
   $IPTABLES -A OUTPUT -d $LO_IP -j ACCEPT
   $IPTABLES -A INPUT -s $LAN_IP -j ACCEPT
   $IPTABLES -A OUTPUT -d $LAN_IP -j ACCEPT
   $IPTABLES -A INPUT -s $INET_IP_DIN -j ACCEPT
   $IPTABLES -A OUTPUT -d $INET_IP_DIN -j ACCEPT

   # Only now tighten the policies: drop whatever the rules above did not accept
   $IPTABLES -P INPUT DROP
   $IPTABLES -P OUTPUT ACCEPT
   $IPTABLES -P FORWARD DROP

Is there any good reason why someone would set an ACCEPT policy for all chains first, only to withdraw some of them later? What is the benefit of doing this?

Sorry about my poor English.

Thanks in advance
--

Leonardo de Souza Carneiro
Veltrac - Tecnologia em Logística.
lscarneiro@xxxxxxxxxxxxxx
http://www.veltrac.com.br
Business phone: (43)2105-5600
Av. Higienópolis 1601 Ed. Eurocenter Sl. 803
Londrina - PR
Postal code: 86015-010
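An added model (not from the list post, and not iptables itself) that replays the INPUT chain through the quoted ordering and through a naive one, so the reason for setting ACCEPT first is visible: with the policy still DROP, the flush alone leaves the admin's own packets dropped until the accept rules are back, whereas ACCEPT-first avoids that lockout at the cost of a short window in which the chain accepts everything. LAN_IP, ADMIN and OUTSIDE are constructed sample values, and only the INPUT chain is modelled.

```python
import ipaddress

# Added illustration, not iptables itself: a toy model of one filter chain,
# enough to replay the -P / -F / -A ordering from the quoted script.
class Chain:
    def __init__(self, policy="ACCEPT"):
        self.policy = policy
        self.rules = []  # (source network, target), checked in order
    def set_policy(self, policy):   # $IPTABLES -P INPUT <policy>
        self.policy = policy
    def flush(self):                # $IPTABLES -F
        self.rules = []
    def append(self, src, target):  # $IPTABLES -A INPUT -s <src> -j <target>
        self.rules.append((ipaddress.ip_network(src), target))
    def verdict(self, src):
        """First matching rule decides; otherwise the chain policy does."""
        addr = ipaddress.ip_address(src)
        for net, target in self.rules:
            if addr in net:
                return target
        return self.policy

LAN_IP = "192.168.0.0/24"   # constructed stand-in for $LAN_IP
ADMIN = "192.168.0.10"      # constructed: source of the admin's SSH session
OUTSIDE = "203.0.113.7"     # constructed: an unrelated Internet host

def replay(order):
    """Re-run the rules on a chain still holding the previous run's state and
    record (command, verdict for ADMIN, verdict for OUTSIDE) after each step.
    'safe' is the quoted ordering; 'naive' flushes while the policy is DROP."""
    chain = Chain("DROP")
    chain.append(LAN_IP, "ACCEPT")
    add_lan = ("-A INPUT -s $LAN_IP -j ACCEPT", lambda: chain.append(LAN_IP, "ACCEPT"))
    to_drop = ("-P INPUT DROP", lambda: chain.set_policy("DROP"))
    if order == "safe":
        steps = [("-P INPUT ACCEPT", lambda: chain.set_policy("ACCEPT")),
                 ("-F", chain.flush), add_lan, to_drop]
    else:
        steps = [("-F", chain.flush), add_lan, to_drop]
    trace = []
    for name, action in steps:
        action()
        trace.append((name, chain.verdict(ADMIN), chain.verdict(OUTSIDE)))
    return trace

def exposure(trace):
    """(commands after which the admin is already locked out,
        commands after which packets from any host at all are accepted)"""
    return ([n for n, admin, _ in trace if admin == "DROP"],
            [n for n, _, out in trace if out == "ACCEPT"])
```

Running `exposure(replay("naive"))` gives `(["-F"], [])` and `exposure(replay("safe"))` gives a lockout list that is empty, which is the trade the script makes: a remote reload that dies between the flush and the accept rules cannot cut the admin off, but the box is briefly unfiltered while the rules are rebuilt.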


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
