[ILUG-BOM] Iptables Query
steve at lonetwin.net
Thu Aug 6 10:40:17 IST 2009
On 08/06/2009 01:35 AM, Rony Bill wrote:
> I have to setup a firewall box for someone ASAP and I was going through the
> tutorials at
> I just have a small query as I am confused with the directions of packets.
> When setting a rule for the INPUT table, there is a source and destination
> setting. From the examples given in the above tutorial, when an incoming
> packet is received, the source is a local IP and destination is the world.
> Shouldn't the incoming packet's source be the world and destination the
> local LAN IP address? Could the experts please clarify? Otherwise it seems
> quite easy to setup.
I assume you meant the examples such as these in the guide:
iptables -A INPUT -p tcp --dport 22 -s 192.168.0.3 -j ACCEPT
Firstly, the terminology in the guide appears to be incorrect. The guide refers
to INPUT, OUTPUT and FORWARD as 'tables'. These are in fact termed 'chains'
within the 'filter' table (which is the default table for modification when -t
is not provided; there are other tables like 'nat', 'mangle' etc.).
Think of tables as a grouping of 'what' you want to do with the packets (filter,
nat, mangle) and chains as 'when' you want to do it (INPUT, OUTPUT, FORWARD for
filter, PREROUTING, POSTROUTING for nat etc.).
So as far as the filter table is concerned, in this context, there isn't any
difference between your 'home' network and the 'world' network. The rule will
just be matched against the networks mentioned in the rules. Think about it a
bit. Your rules might even mention src/dest addresses on networks that none of
your interfaces are even part of.
Mentioning an action in the INPUT chain simply means that the packet would be
examined when received and filtered accordingly.
random non tech spiel: http://lonetwin.blogspot.com/
tech randomness: http://lonehacks.blogspot.com/
what i'm stumbling into: http://lonetwin.stumbleupon.com/
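As an added illustration of the point made in the reply above (not code from the thread or the guide it cites), the script below builds a small INPUT/OUTPUT ruleset in which -s and -d are spelled out from the firewall's point of view, and a tiny matcher that shows the filter table only compares addresses and ports. It assumes a hypothetical firewall address of 192.168.0.1; 192.168.0.3 is the admin host from the quoted rule. With DRY_RUN=1 it prints the commands instead of running iptables.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed addresses:
FW_ADDR="${FW_ADDR:-192.168.0.1}"   # hypothetical LAN address of the firewall itself
ADMIN="${ADMIN:-192.168.0.3}"       # host allowed to reach sshd (from the quoted rule)

# Run an iptables command, or just print it when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# INPUT chain: the packet is arriving, so -s is the remote peer and -d is us.
# args: peer_addr local_addr
ssh_in_rule() {
    echo "-A INPUT -p tcp --dport 22 -s $1 -d $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# OUTPUT chain: the reply is leaving, so the two addresses swap roles.
# args: peer_addr local_addr
ssh_out_rule() {
    echo "-A OUTPUT -p tcp --sport 22 -s $2 -d $1 -j ACCEPT"
}

# What the filter table does with one packet against one INPUT rule:
# a plain comparison of src, dst and dport, with no idea of 'home' or 'world'.
# args: rule_src rule_dst rule_dport pkt_src pkt_dst pkt_dport
match_input() {
    if [ "$1" = "$4" ] && [ "$2" = "$5" ] && [ "$3" = "$6" ]; then
        echo ACCEPT
    else
        echo DROP   # no match: the packet falls through to the chain policy
    fi
}

# Minimal stateful ruleset: drop by default, keep established flows, allow
# new SSH only from ADMIN to the firewall's own address.
apply_ruleset() {
    ipt -P INPUT DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt $(ssh_in_rule "$ADMIN" "$FW_ADDR")
    ipt $(ssh_out_rule "$ADMIN" "$FW_ADDR")
}

if [ "${DRY_RUN:-0}" = "1" ]; then
    apply_ruleset
fi
```

Run it as `DRY_RUN=1 sh firewall.sh` to see the generated rules; without DRY_RUN the functions are defined but nothing is applied, and applying for real needs root.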