LinuxQuestions.org

Linux - Newbie: Iptables rules should always start with dport? (https://www.linuxquestions.org/questions/linux-newbie-8/iptables-rules-should-always-start-with-dport-4175467429/)

linuxcenter 06-26-2013 03:53 AM

Iptables rules should always start with dport?

For example, to allow outgoing HTTPS:

iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
(Why is it dport to sport?)

(Why not sport to dport?)

Can we convert the rule to this?
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state ESTABLISHED -j ACCEPT

:)

acid_kewpie 06-26-2013 04:52 AM

You will not start a new connection coming from port 443. What are you actually trying to do, and why do you want to arbitrarily swap two parameters in different lines? Are you aware of what a source or destination port really is?

linuxcenter 06-26-2013 05:09 AM

To allow internet access you need to allow outgoing connections to TCP ports 80 & 443.

The rule starts as: TO/DESTINATION PORT - FROM/SOURCE PORT in both OUTPUT and INPUT.
E.g. TO:
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

FROM:
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

(Why is the destination port emphasized as first? For outgoing connections it's from source to destination, but in iptables, to make an outgoing connection it's always destination and then source port. The same applies for input/incoming connections.)

acid_kewpie 06-26-2013 05:20 AM

You mean first as in the first command in the list? They are different tables, they do not relate to each other at all. They happen to relate to the same potential set of network connections, but a single TCP packet can not match on both INPUT and OUTPUT rules.

linuxcenter 06-26-2013 05:42 AM

The question is simple: for any rules we create for input or output,

the rule says to dport (other pc/website/server) from sport (my pc) for the OUTPUT rule,

whereas in INPUT it's to dport (my pc) from sport (other pc/website/server).

For both INPUT and OUTPUT it's always destination port first.

acid_kewpie 06-26-2013 07:29 AM

Yes, I think it's an easy question, but it's not written in good English, and I've already answered it twice and you appear to just be repeating yourself. You don't appear to understand the function of the INPUT and OUTPUT tables and how they relate to TCP connections. Some background reading in this area would benefit you unless you can ask a specific question about it.
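The point acid_kewpie is making can be seen by tracing one outgoing HTTPS connection through the two rule sets from the thread. The following is an added example, not code from the thread or from iptables: it is a small model of the filter chains and of the conntrack state match. An outgoing packet is only ever checked against OUTPUT and an incoming packet only against INPUT; --sport and --dport describe the ports of the packet being checked, so the reply from the server carries sport 443, while the client's own packets carry dport 443 and an ephemeral source port. All addresses, the ephemeral port 51234 and the packet sequence are constructed values, and the default policy is assumed to be DROP.

```python
# Added example (not from the thread): model how iptables INPUT/OUTPUT rules
# with --sport/--dport and -m state match the packets of one outgoing HTTPS
# connection. Addresses, ports and the packet sequence are constructed.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

LOCAL_IP = "192.0.2.10"     # constructed address of "my pc"
SERVER_IP = "203.0.113.5"   # constructed address of the web server


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    chain: str                  # "INPUT" or "OUTPUT"
    states: FrozenSet[str]      # the -m state --state set, e.g. {"NEW","ESTABLISHED"}
    sport: Optional[int] = None  # --sport match, None means any port
    dport: Optional[int] = None  # --dport match, None means any port
    target: str = "ACCEPT"


class ConnTracker:
    """Minimal stand-in for the conntrack table: a flow is keyed by its two
    endpoints regardless of direction, and is ESTABLISHED once its first
    packet has been accepted."""

    def __init__(self) -> None:
        self.flows = set()

    @staticmethod
    def key(p: Packet) -> FrozenSet:
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def state(self, p: Packet) -> str:
        return "ESTABLISHED" if self.key(p) in self.flows else "NEW"

    def note_accepted(self, p: Packet) -> None:
        self.flows.add(self.key(p))


def rule_matches(rule: Rule, p: Packet, state: str) -> bool:
    if rule.sport is not None and p.sport != rule.sport:
        return False
    if rule.dport is not None and p.dport != rule.dport:
        return False
    return state in rule.states


def filter_packet(rules: List[Rule], tracker: ConnTracker, p: Packet) -> str:
    # The chain is chosen by the packet's direction, not by rule order: a
    # packet leaving this host is checked only against OUTPUT, a packet
    # arriving at it only against INPUT. Unmatched packets hit policy DROP.
    chain = "OUTPUT" if p.src == LOCAL_IP else "INPUT"
    state = tracker.state(p)
    for r in rules:
        if r.chain == chain and rule_matches(r, p, state):
            if r.target == "ACCEPT":
                tracker.note_accepted(p)
            return r.target
    return "DROP"


def run(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Run a packet sequence through a rule set with a fresh conntrack table."""
    tracker = ConnTracker()
    return [filter_packet(rules, tracker, p) for p in packets]


# The rule set from the original post ...
ORIGINAL = [
    Rule("OUTPUT", frozenset({"NEW", "ESTABLISHED"}), dport=443),
    Rule("INPUT", frozenset({"ESTABLISHED"}), sport=443),
]
# ... and the swapped version the poster asked about.
SWAPPED = [
    Rule("OUTPUT", frozenset({"NEW", "ESTABLISHED"}), sport=443),
    Rule("INPUT", frozenset({"ESTABLISHED"}), dport=443),
]

# One outgoing HTTPS connection: the client picks an ephemeral source port
# (constructed value 51234) and connects to the server's port 443.
HTTPS_EXCHANGE = [
    Packet(LOCAL_IP, 51234, SERVER_IP, 443),   # SYN, leaves via OUTPUT
    Packet(SERVER_IP, 443, LOCAL_IP, 51234),   # SYN/ACK, arrives via INPUT
    Packet(LOCAL_IP, 51234, SERVER_IP, 443),   # ACK + request, OUTPUT
    Packet(SERVER_IP, 443, LOCAL_IP, 51234),   # response, INPUT
]

if __name__ == "__main__":
    print("original rules:", run(ORIGINAL, HTTPS_EXCHANGE))
    print("swapped rules: ", run(SWAPPED, HTTPS_EXCHANGE))
```

With the original rules every packet of the exchange is accepted; with the swapped rules the first SYN already fails the OUTPUT rule (its source port is 51234, not 443), no flow is ever recorded, and the INPUT rule, which only accepts ESTABLISHED traffic, drops the reply as well. The same model also shows why the original INPUT rule is not a hole: an unsolicited inbound SYN to port 443 on this host is NEW, so it is dropped.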


All times are GMT -5.