LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 04-09-2008, 03:52 AM   #1
id_viorel
LQ Newbie
 
Registered: Jul 2004
Location: Focsani
Posts: 29

Rep: Reputation: 15
iptables acl versus cisco acl


hello,

I have a question regarding iptables rules!

In cisco environment u can create an acl, but if u don't apply it on an interface and direction it doesn't filter anything; so u should apply it on an interface and also on a direction (in/out)

In linux environment u create a rule with iptables command for a tables and chain; ex. filter table , INPUT chain ... but when u have multiple network interfaces how can u specify the direction? INPUT is for WAN or LAN interface ?
If I set the policy for INPUT/filter to DROP, the kernel will drop the packets originating from WAN and for LAN also, how can I specify the direction? I want to set policy to DROP for INPUT/filter for WAn interface and let everybody from my LAN to do everything...

thanks!
 
Old 04-09-2008, 05:00 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
INPUT is packets destined for the local system via a given interface, that interface is given with the -i option, e.g. "-i eth1" or "-i ppp0". There can be no concept of a "WAN" or "LAN" interface in the kernel, that's down to you and your diagrams and conventions.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
acl sheetu Solaris / OpenSolaris 1 09-10-2006 12:48 PM
Problem with ACL kousik Linux - Security 1 08-31-2005 10:12 AM
coments on comparison of Iptables and cisco ios acl farhan Linux - Security 1 05-17-2005 07:37 AM
acl permissions linuxtesting2 Linux - General 0 10-25-2004 02:18 PM
ACL Help theDrix Linux - General 0 07-22-2004 08:25 AM


All times are GMT -5. The time now is 11:52 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration