LinuxQuestions.org
Old 05-21-2011, 02:29 PM   #1
PinoyAko
LQ Newbie
 
Registered: May 2011
Posts: 28

Rep: Reputation: 0
Iptables


Should I start my script with all the DROP before ACCEPT or the other way around?
 
Old 05-21-2011, 02:30 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
You accept things by exception with a default drop policy on each table, or a default drop at the very bottom of it.
 
Old 05-21-2011, 02:38 PM   #3
PinoyAko
LQ Newbie
 
Registered: May 2011
Posts: 28

Original Poster
Rep: Reputation: 0
If a connection is already accepted and it still fits the drop condition at the end of the script will it still be dropped?

Last edited by PinoyAko; 05-21-2011 at 02:39 PM.
 
Old 05-21-2011, 02:55 PM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
No, iptables will stop comparing once a positive match is made. This is why you are able to accept the things you want and then drop everything else at the end.
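
The ordering discussed in posts #2 to #4, as an added example that is not part of the thread or any poster's script: ACCEPT rules first, a catch-all DROP last, with the policy line placed at the end to show that its position in the script does not change when it applies. The SSH port 22, the log prefix, the `IPT` dry-run variable, the function name and the `firewall.sh` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Port 22, the log prefix and the
# IPT override are illustrative assumptions.
# Set IPT to a printing command for a dry run instead of touching the kernel.
IPT="${IPT:-iptables}"

build_input_chain() {
    # Start from an empty INPUT chain so rule order is exactly what follows.
    $IPT -F INPUT

    # Rules are checked top to bottom. The first rule with a terminating
    # target (ACCEPT, DROP, REJECT) that matches decides the packet, and
    # nothing below it in the chain is consulted for that packet.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # LOG is non-terminating: the packet is logged and evaluation continues,
    # so only traffic that no ACCEPT rule matched reaches this line.
    $IPT -A INPUT -j LOG --log-prefix "INPUT-drop: "

    # The chain policy is the verdict for packets that fell off the end of
    # the chain. It is not a rule, so where -P appears in the script does
    # not affect which packets it applies to; only the order of -A rules does.
    $IPT -P INPUT DROP
}

# Apply for real only when asked (hypothetical usage: sh firewall.sh apply,
# as root). Without the argument the script only defines the function.
if [ "${1:-}" = "apply" ]; then
    build_input_chain
fi
```

Running `iptables -L INPUT -v -n --line-numbers` after applying shows the rules in evaluation order with per-rule packet counters, which makes it visible which rule actually decided the traffic.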
 
Old 05-21-2011, 09:26 PM   #5
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,272
Blog Entries: 28

Rep: Reputation: 6124
One of the members of my LUG gave a presentation about his iptables script and posted the script to the LUG wiki.

Maybe it will be a useful reference.
 
Old 05-22-2011, 03:05 AM   #6
PinoyAko
LQ Newbie
 
Registered: May 2011
Posts: 28

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by frankbell
One of the members of my LUG gave a presentation about his iptables script and posted the script to the LUG wiki.

Maybe it will be a useful reference.
Thanks for sharing the link.
 
  

