LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 05-23-2006, 08:50 PM   #1
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Rep: Reputation: 30
creation of new iptables chains !!!!


Am I wrong if I say creation of new chains in iptables is also creation of new jumps like:

Quote:
$ipt -N ULOGDROP
$ipt -A ULOGDROP -j ULOG --ulog-prefix "OUTofORDER:"
$ipt -A ULOGDROP -j DROP
$ipt -A INPUT -j ULOGDROP
Just for checking I got it ....
 
Old 05-23-2006, 11:48 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by gabsik
Am I wrong if I say creation of new chains in iptables is also creation of new jumps like:

$ipt -N ULOGDROP
$ipt -A ULOGDROP -j ULOG --ulog-prefix "OUTofORDER:"
$ipt -A ULOGDROP -j DROP
$ipt -A INPUT -j ULOGDROP

Just for checking I got it ....

yes, technically you are wrong... chain creation and jumps are two different things...

having said that, your example seems fine as far as syntax is concerned... first you created a chain called ULOGDROP... then you appended a rule to it, sending all packets to the ULOG target... then you appended to it another rule blocking all packets... and then you appended a rule to the INPUT chain sending the packets to the ULOGDROP chain... pretty straightforward stuff...
 
Old 05-24-2006, 01:24 PM   #3
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
Quote:
$ipt -A INPUT -j ULOGDROP
So packets here are going to be ulogd with prefix "OUTofORDER:" and then dropped wherever I use the -j ULOGDROP. I have built a jump ULOGDROP ...
 
Old 05-24-2006, 10:43 PM   #4
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
Let's say I have created a chain called BLACKLIST, then I make another chain ULOGDROP ... I can mix the 2 things like this:
Quote:
$IPT -A BLACKLIST -d 192.168.0.2 -j ULOGDROP
Do I?

Last edited by gabsik; 05-24-2006 at 10:50 PM.
 
Old 05-25-2006, 01:48 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by gabsik
Let's say I have created a chain called BLACKLIST, then I make another chain ULOGDROP ... I can mix the 2 things like this:

$IPT -A BLACKLIST -d 192.168.0.2 -j ULOGDROP

Do I?
yes, of course...
 
Old 05-25-2006, 05:27 PM   #6
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
They can be both used as a chain and/or jump ...
 
Old 05-25-2006, 06:57 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by gabsik
They can be both used as a chain and/or jump ...
a jump refers to jumping from one chain to another by using another chain as a target for the relevant rule...

http://www.faqs.org/docs/iptables/targets.html
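
Added example, not part of the thread and not any poster's code: a small Python model of how a packet traverses the chains discussed above, showing that creating a chain (-N) and jumping to it (-j) are separate steps, that ULOG is non-terminating while DROP ends traversal, and that BLACKLIST sees no packets until a built-in chain jumps to it. The names `Table`, `build` and `hook_blacklist` are hypothetical, the INPUT policy is assumed to be ACCEPT, and only `-d` matching is modelled.

```python
# Constructed model of iptables chain traversal; not real netfilter code.
TERMINATING = {"ACCEPT", "DROP"}

class Table:
    def __init__(self):
        self.chains = {"INPUT": []}         # built-in chain
        self.policy = {"INPUT": "ACCEPT"}   # assumed default policy
        self.log = []                       # what the ULOG target would record

    def new_chain(self, name):              # iptables -N name
        self.chains[name] = []              # creates an empty chain, no jump yet

    def append(self, chain, target, dst=None, prefix=""):  # iptables -A ... -j target
        known = TERMINATING | {"ULOG"} | set(self.chains)
        if target not in known:             # a jump needs an existing chain/target
            raise ValueError(f"no chain/target by that name: {target}")
        self.chains[chain].append((dst, target, prefix))

    def _walk(self, chain, pkt):
        for dst, target, prefix in self.chains[chain]:
            if dst is not None and dst != pkt["dst"]:
                continue                    # rule does not match this packet
            if target == "ULOG":
                self.log.append(prefix + pkt["dst"])  # non-terminating: go on
            elif target in TERMINATING:
                return target               # verdict reached, traversal stops
            else:                           # jump into a user-defined chain
                verdict = self._walk(target, pkt)
                if verdict:
                    return verdict
                # end of user chain without a verdict: resume in the caller
        return None

    def verdict(self, pkt):
        return self._walk("INPUT", pkt) or self.policy["INPUT"]

def build(hook_blacklist):
    """Rules from the thread; hook_blacklist adds 'iptables -A INPUT -j BLACKLIST'."""
    t = Table()
    t.new_chain("ULOGDROP")
    t.append("ULOGDROP", "ULOG", prefix="OUTofORDER:")
    t.append("ULOGDROP", "DROP")
    t.new_chain("BLACKLIST")
    t.append("BLACKLIST", "ULOGDROP", dst="192.168.0.2")
    if hook_blacklist:
        t.append("INPUT", "BLACKLIST")
    return t
```

With `build(False)` a packet to 192.168.0.2 is accepted and nothing is logged, because no rule in INPUT jumps to BLACKLIST; with `build(True)` the same packet is logged once and dropped, while other destinations return from BLACKLIST and fall through to the policy.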
 
  

