LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-28-2009, 03:40 AM   #1
allancth
Member
 
Registered: Mar 2009
Posts: 37

Rep: Reputation: 15
Question iptables sequence?


Are the rules inside iptables (all 3 INPUT, FORWARD & OUTPUT) are checked in sequence when routing packets?

Let's say

Rules (INPUT)
ACCEPT all s1 d1
ACCEPT all s1 d2
DROP all anywhere anywhere
ACCEPT all s1 d1
ACCEPT all s1 d3

If data come into the server from s1, will it still go to d3? And if there are duplicated records like s1 to d1? Any problem with that?
 
Old 03-28-2009, 04:00 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
Packets only go through FORWARD when they are addressed to another box. They go through OUTPUT when they have been generated by the iptables box. They go through INPUT when they are addressed to the iptables box.

Last edited by win32sux; 03-28-2009 at 04:01 AM.
 
Old 03-28-2009, 04:03 AM   #3
allancth
Member
 
Registered: Mar 2009
Posts: 37

Original Poster
Rep: Reputation: 15
Okay. Let's say in the INPUT chain, are they checked in sequence?
 
Old 03-28-2009, 04:05 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
Yes, the packets go through a chain's rules from top to bottom.

I recommend chapter 6 of Oskar Andreasson's tutorial for a good view of the whole process.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables - Chain sequence Madhushanka Linux - Security 2 12-19-2008 11:03 PM
The sequence of loop ArthurHuang Programming 6 05-20-2006 09:34 AM
iptables v1.2.9: Unknown arg `/sbin/iptables' Try `iptables -h' or 'iptables --help' Niceman2005 Linux - Security 4 12-29-2005 09:20 PM
Boot sequence wrangler Linux - Newbie 3 03-07-2005 11:51 AM
Boot sequence fiomba Mandriva 2 12-15-2004 08:04 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration