Linux - Networking (LinuxQuestions.org): This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I'm trying to perfect my firewall with ipchains, but I'm confused about this one thing. In what order does the system look at the rules I apply?
If I entered:
ipchains -A input -p tcp -d 0.0.0.0 23 -j ACCEPT
ipchains -A input -j DENY
Would that allow telnet from all locations and ONLY telnet? Or will the system look at the last rule I entered and work towards the first?
With your example, it will look at the first and work its way down.
However if you use "-I" instead of "-A" that will reverse the order, because the second rule you enter will be inserted ahead of the first one -- which was itself inserted at the head of the input filter chain.
The difference can be critical when you're setting up rules in something like portsentry. I had to change the original "-A" rule to be "-I" so that the rule added by portsentry would appear before my final catch-all rule!
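As an added illustration of the ordering JimKyle describes (this is not code from either reply), here is a small Python model of an ipchains chain: first match wins, -A appends at the tail, -I inserts at the head, and the chain policy decides when nothing matches. It assumes ipchains reads a bare address with no /mask as a /32 host, which is why the posted "-d 0.0.0.0" rule never matches a real destination, and it also shows the DENY default policy the next reply suggests; the sample packets and addresses are constructed.

```python
import ipaddress

class Rule:
    """One rule; a field left as None matches anything, like an omitted option."""
    def __init__(self, target, proto=None, src="0.0.0.0/0", dst="0.0.0.0/0", dport=None):
        self.target, self.proto, self.dport = target, proto, dport
        # A bare address with no /mask is taken as a /32 host, as ipchains does
        # (assumption about its parser); ip_network() behaves the same way.
        self.src, self.dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)

    def matches(self, pkt):
        return ((self.proto is None or pkt["proto"] == self.proto)
                and ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and (self.dport is None or pkt["dport"] == self.dport))

class Chain:
    """Rules are checked top-down; the first match decides, else the policy."""
    def __init__(self, policy="ACCEPT"):
        self.rules, self.policy = [], policy

    def append(self, rule):  # like ipchains -A: new rule goes to the tail
        self.rules.append(rule)

    def insert(self, rule):  # like ipchains -I: new rule goes to the head
        self.rules.insert(0, rule)

    def verdict(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy

def question_chain():
    """The two rules as posted: '-d 0.0.0.0 23' is a /32 host, then DENY all."""
    c = Chain()
    c.append(Rule("ACCEPT", proto="tcp", dst="0.0.0.0", dport=23))
    c.append(Rule("DENY"))
    return c

def telnet_only_chain(my_ip, flag="-A"):
    """Telnet to my_ip from anywhere, DENY as default policy; flag is -A or -I."""
    c = Chain(policy="DENY")
    add = c.append if flag == "-A" else c.insert
    add(Rule("ACCEPT", proto="tcp", dst=my_ip, dport=23))
    add(Rule("DENY"))  # catch-all; with -I it lands ahead of the ACCEPT rule
    return c
# Constructed sample packets (documentation address ranges).
TELNET = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 23}
SSH = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 22}
```

With -A the telnet packet is accepted and everything else falls through to DENY; with -I the catch-all DENY sits in front of the ACCEPT and telnet is blocked too, which is exactly the reversal JimKyle warns about.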
Hmm. JimKyle is right: ipchains always works top-down when using only "-A"s.
But your (to) addy can't be 0.0.0.0, and it can't have --destination (to) like this; it should be --source (from). If you did mean "from any addy to my addy port 23", I'd add a var $ANY, set DENY as the default policy, add eth0 in case of scalability and your IP address, and then it'd look like this: