I'm confused about ipchains

tarballedtux · 01-08-2002, 08:14 AM

I'm trying to perfect my firewall with ipchains but, I'm confused about this one thing. In what order does teh system look at the rules I apply.
If I entered:

ipchains -A input -p tcp -d 0.0.0.0 23 -j ACCEPT
ipchains -A input -j DENY

Would that allow telnet from all locations and ONLY telnet. Or will the system look at the last rule I entered and work towards the first.

Thanks in advance.

JimKyle · 01-08-2002, 09:34 AM

With your example, it will look at the first and work its way down.

However if you use "-I" instead of "-A" that will reverse the order, because the second rule you enter will be inserted ahead of the first one -- which was itself inserted at the head of the input filter chain.

The difference can be critical, when you're setting up rules in something like portsentry. I had to change the original "-A" rule to be "-I" so that the rule added by portsentry would appear before my final catch-all rule!

unSpawn · 01-08-2002, 11:05 AM

Hmm. JimKyle is right, ipchains always works top-down when using only "-A"'s.

But your (to)addy can't be 0.0.0.0, and it can't have --destination (to) like this, it should be --source (from). If you did mean "from any addy to my addy port 23" I'd add a var $ANY, add the DENY as default policy, the eth0 in case of scalability, and your ip address and then it'd look like this:

ANY="0.0.0.0"
IP="(ip addr here)"

ipchains -P input DENY
ipchains -A input -i eth0 -p tcp -s $ANY -d $IP 23 -j ACCEPT