LinuxQuestions.org
Old 07-21-2004, 10:19 PM   #1
mrpc_cambodia
Member
 
Registered: Jun 2004
Posts: 131
How does iptables handle packets?


I'm wondering how the Linux firewall (iptables) handles a packet coming into the box.

If a packet that needs to be sent to the Linux box is big, it has to be divided into fragments.

Do the packet fragments get reassembled first before going through the firewall, or do they go through the firewall fragment by fragment?



Thanks,
 
Old 07-23-2004, 12:08 PM   #2
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553
This is how I *think* it works.

If you are using NAT then the packets are assembled before filtering.

If not, then the fragments are filtered separately.
 
Old 07-23-2004, 08:16 PM   #3
mrpc_cambodia
Member
 
Registered: Jun 2004
Posts: 131

Original Poster
So you mean if I use the filter table then fragments will be filtered fragment by fragment.

iptables -A FORWARD -p tcp -j ACCEPT
iptables -A FORWARD -j DROP

So by using the above commands, nothing can go through my Linux box, because only the first fragment contains protocol information, and the rest will be dropped.

To allow fragments other than the first fragment to go through, I have to add more rules to the chain.

Is my assumption right?


Thanks,
 
Old 07-24-2004, 04:25 AM   #4
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137
Quote:
So you mean if I use the filter table then fragments will be filtered fragment by fragment.
Not really. As foo_bar_foo said, the fragments get reassembled before filtering. So at layer 3 of the OSI model (the one the kernel packet filter "belongs" to) the data appears as complete packets.
Quote:
iptables -A FORWARD -p tcp -j ACCEPT
iptables -A FORWARD -j DROP
I'm not sure what you meant here. This code does just what the first line says: it forwards packets.
Every packet going into the filtering tables checks the rules TOP-DOWN until it matches a rule; it won't step to the next line after that.
Quote:
So by using the above commands, nothing can go through my Linux box, because only the first fragment contains protocol information, and the rest will be dropped.
As I said, the packets are complete when they reach the filter table.
 
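The question the last two posts circle around (what a filter rule can see in a single fragment versus in the reassembled datagram) is easier to reason about with a concrete fragment train. The following is an added example written for this page, not code from the thread or from the iptables project. It is a small Python model of IPv4 fragmentation and reassembly with a rule-matching function that mirrors iptables semantics: the IP protocol number is carried in every fragment's IP header, the TCP header (and hence anything like --dport) is only in the first fragment, and -f matches second-and-further fragments only. The reassembly function models what the kernel's nf_defrag_ipv4 hook does ahead of the filter table when connection tracking (which NAT requires) is loaded; without it, netfilter sees each fragment on its own. The addresses, identification value and 3000-byte payload are constructed sample data.

```python
import struct

MF = 0x2000           # IPv4 "More Fragments" flag
OFFSET_MASK = 0x1FFF  # fragment offset field, in units of 8 bytes
PROTO_TCP = 6

# Constructed sample addresses (assumption, not from the thread).
SRC = bytes([10, 0, 0, 1])
DST = bytes([10, 0, 0, 2])


def build_ipv4(proto, payload, ident=0x1234, flags_off=0, src=SRC, dst=DST):
    """Minimal 20-byte IPv4 header (no options, checksum left zero) plus payload."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, ident, flags_off, 64, proto, 0, src, dst)
    return hdr + payload


def parse(frag):
    """Pull out the fields a per-fragment filter rule can actually look at."""
    ihl = (frag[0] & 0x0F) * 4
    ident, flags_off = struct.unpack("!HH", frag[4:8])
    return {
        "ident": ident,
        "proto": frag[9],
        "offset": (flags_off & OFFSET_MASK) * 8,
        "more": bool(flags_off & MF),
        "src": frag[12:16],
        "dst": frag[16:20],
        "payload": frag[ihl:],
    }


def fragment(pkt, mtu):
    """Split one IPv4 datagram into fragments as a router with the given MTU would."""
    p = parse(pkt)
    payload = p["payload"]
    chunk = (mtu - 20) // 8 * 8  # every fragment but the last carries a multiple of 8 bytes
    frags = []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        more = MF if off + chunk < len(payload) else 0
        frags.append(build_ipv4(p["proto"], piece, p["ident"], more | (off // 8), p["src"], p["dst"]))
    return frags


def matches(frag, proto=None, dport=None, frag_only=False):
    """Model of what an iptables rule can decide from a single packet, with no defragmentation."""
    f = parse(frag)
    if frag_only and f["offset"] == 0:
        return False  # -f matches second and further fragments only
    if proto is not None and f["proto"] != proto:
        return False  # the protocol number is present in every fragment's IP header
    if dport is not None:
        if f["offset"] != 0:
            return False  # the transport header lives only in the first fragment
        if f["proto"] == PROTO_TCP and len(f["payload"]) >= 4:
            return struct.unpack("!H", f["payload"][2:4])[0] == dport  # TCP dst port = bytes 2..3
        return False
    return True


def reassemble(frags):
    """Rebuild the datagram, as nf_defrag_ipv4 does before conntrack/NAT/filter see it."""
    parts = sorted((parse(f) for f in frags), key=lambda p: p["offset"])
    expected = 0
    for p in parts:
        if p["offset"] != expected:
            raise ValueError("gap or overlap in fragment train")
        expected += len(p["payload"])
    if parts[-1]["more"]:
        raise ValueError("last fragment still has MF set")
    first = parts[0]
    payload = b"".join(p["payload"] for p in parts)
    return build_ipv4(first["proto"], payload, first["ident"], 0, first["src"], first["dst"])


def demo(mtu=1500):
    """Fragment a 3020-byte TCP/IP datagram to port 22 and show per-fragment vs reassembled matching."""
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    pkt = build_ipv4(PROTO_TCP, tcp_hdr + b"A" * 3000)
    frags = fragment(pkt, mtu)
    # per fragment: (-p tcp, -p tcp --dport 22, -f)
    per_fragment = [(matches(f, proto=PROTO_TCP),
                     matches(f, proto=PROTO_TCP, dport=22),
                     matches(f, frag_only=True)) for f in frags]
    whole = reassemble(frags)
    return len(frags), per_fragment, matches(whole, proto=PROTO_TCP, dport=22), whole == pkt


if __name__ == "__main__":
    print(demo())
```

With a 1500-byte MTU the datagram becomes three fragments. A plain `-p tcp` rule matches all three because every fragment repeats the protocol number, a `--dport 22` rule matches only the first, and `-f` matches only the second and third; after reassembly the single datagram matches the port rule normally. This is why a ruleset that relies on port matches should either run with connection tracking loaded (so reassembly happens first) or handle non-first fragments explicitly with `-f`.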