Re: Learning iptables

Hi,

The only reason I can think of is to allow packets through for the milliseconds it takes the script to run.

regards

Brian


Leonardo Carneiro wrote:
Hi everyone,

I have average-to-good Linux knowledge, but I'm quite a noob when it comes to iptables, so I decided to study it. I'm reading a lot of articles and blogs and testing some rules, and so far it's all going well. Right now I'm running a server with tons of rules written by the admin who worked here before me, and in the policies section of the script I found these rules:

   $IPTABLES -P INPUT ACCEPT
   $IPTABLES -P OUTPUT ACCEPT
   $IPTABLES -P FORWARD ACCEPT
   $IPTABLES -F
   $IPTABLES -t nat -F
   $IPTABLES -t mangle -F
   $IPTABLES -X

   $IPTABLES -A INPUT -s $LO_IP -j ACCEPT
   $IPTABLES -A OUTPUT -d $LO_IP -j ACCEPT
   $IPTABLES -A INPUT -s $LAN_IP -j ACCEPT
   $IPTABLES -A OUTPUT -d $LAN_IP -j ACCEPT
   $IPTABLES -A INPUT -s $INET_IP_DIN -j ACCEPT
   $IPTABLES -A OUTPUT -d $INET_IP_DIN -j ACCEPT

   $IPTABLES -P INPUT DROP
   $IPTABLES -P OUTPUT ACCEPT
   $IPTABLES -P FORWARD DROP

Is there any good reason why someone would set an ACCEPT policy for all chains first, only to withdraw some of them later? What is the benefit of doing this?

Sorry about my poor English.

Thanks in advance
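As an added example (not from Brian's or Leonardo's mail), here is the same ruleset written for iptables-restore, which commits the chain policies and the rules in one step so there is no window in which everything is accepted while a script runs rule by rule; the three addresses are assumed placeholders.

```shell
# Added example, not part of the thread: the same ruleset as an
# iptables-restore file. Policies and rules land in one atomic commit,
# so there is no ACCEPT-all window while a script runs rule by rule.
# The three addresses are placeholders (assumed); set them to your own.
LO_IP="${LO_IP:-127.0.0.1}"
LAN_IP="${LAN_IP:-192.168.1.0/24}"
INET_IP_DIN="${INET_IP_DIN:-203.0.113.10}"

build_ruleset() {
    # Chain policies are declared in the table header next to the rules;
    # the kernel swaps the whole table in at once on COMMIT.
    # Listing nat and mangle with only their built-in chains has the same
    # effect as the script's "-F" of those tables.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s $LO_IP -j ACCEPT
-A OUTPUT -d $LO_IP -j ACCEPT
-A INPUT -s $LAN_IP -j ACCEPT
-A OUTPUT -d $LAN_IP -j ACCEPT
-A INPUT -s $INET_IP_DIN -j ACCEPT
-A OUTPUT -d $INET_IP_DIN -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
}

# Parse first (--test commits nothing), then load. Needs root and
# iptables-restore on the host; a syntax error never leaves half a ruleset.
apply_ruleset() {
    build_ruleset | iptables-restore --test && build_ruleset | iptables-restore
}
```

Run apply_ruleset as root on the firewall host; build_ruleset alone just prints the file and is safe to inspect anywhere.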