LinuxQuestions.org


allancth 03-28-2009 02:40 AM

iptables sequence?
 
Are the rules inside iptables (all 3: INPUT, FORWARD & OUTPUT) checked in sequence when routing packets?

Let's say

Rules (INPUT)
ACCEPT all s1 d1
ACCEPT all s1 d2
DROP all anywhere anywhere
ACCEPT all s1 d1
ACCEPT all s1 d3

If data comes into the server from s1, will it still go to d3? And if there are duplicated records like s1 to d1? Any problem with that?

win32sux 03-28-2009 03:00 AM

Packets only go through FORWARD when they are addressed to another box. They go through OUTPUT when they have been generated by the iptables box. They go through INPUT when they are addressed to the iptables box.

allancth 03-28-2009 03:03 AM

Okay. Let's say in the INPUT chain, are they checked in sequence?

win32sux 03-28-2009 03:05 AM

Yes, the packets go through a chain's rules from top to bottom.

I recommend chapter 6 of Oskar Andreasson's tutorial for a good view of the whole process.
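
The top-to-bottom, first-match behaviour described in this thread, applied to the rule list from the question (an added example, not posted by anyone in the thread). It is a simplified model that assumes only terminating ACCEPT/DROP targets and exact source/destination matches; the names `evaluate`, `covers` and `shadowed` are hypothetical, and `s1`, `d1`, `d2`, `d3` are the question's placeholders.

```python
# Added illustration: first-match evaluation of one iptables chain.
# Only terminating targets (ACCEPT/DROP) are modelled; addresses are placeholders.
from typing import NamedTuple

ANY = "anywhere"

class Rule(NamedTuple):
    target: str
    source: str
    destination: str

# The INPUT rules exactly as listed in the question, top to bottom.
CHAIN = [
    Rule("ACCEPT", "s1", "d1"),
    Rule("ACCEPT", "s1", "d2"),
    Rule("DROP", ANY, ANY),
    Rule("ACCEPT", "s1", "d1"),
    Rule("ACCEPT", "s1", "d3"),
]

def matches(rule, src, dst):
    return rule.source in (ANY, src) and rule.destination in (ANY, dst)

def evaluate(chain, src, dst, policy="ACCEPT"):
    """Return (verdict, 1-based rule number) for the first matching rule;
    the rule number is None when the chain policy decided."""
    for number, rule in enumerate(chain, start=1):
        if matches(rule, src, dst):
            return rule.target, number
    return policy, None

def covers(earlier, later):
    """True when every packet matched by `later` is also matched by `earlier`."""
    return (earlier.source in (ANY, later.source)
            and earlier.destination in (ANY, later.destination))

def shadowed(chain):
    """Map each unreachable rule number to the earlier rule that hides it."""
    hidden = {}
    for i, later in enumerate(chain):
        for j, earlier in enumerate(chain[:i]):
            if covers(earlier, later):
                hidden[i + 1] = j + 1
                break
    return hidden

if __name__ == "__main__":
    print({d: evaluate(CHAIN, "s1", d) for d in ("d1", "d2", "d3")})
    print("shadowed rules:", shadowed(CHAIN))
```

In this model the duplicate s1 to d1 rule is harmless but never reached, and the s1 to d3 rule sits below the catch-all DROP, so traffic to d3 is dropped at rule 3.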


All times are GMT -5.