I have a few questions about how iptables works.
I wrote an iptables script, but I just discovered (myself) a real security hole in my own firewall script. Because of that I have some questions.
Here are my questions:
1. I want to know: what exactly does iptables do if it doesn't find a suitable rule? I think it allows the traffic, but can I change this? Can I add an option to block all "not ruled" incoming traffic?
2. If two rules say the same thing but do not "do" the same thing with the traffic, what will happen?
Example:
-A INPUT -s 0/0 -d 0/0 -p tcp --dport 9999 -j ACCEPT
and
-A INPUT -s 0/0 -d 0/0 -p tcp --dport 9999 -j DROP
Will iptables drop the traffic, or will it "stop checking" after the first matching rule?
3. Depending on the answer to the last question... can I accept and log connections with two lines like this:
-A INPUT -s 0/0 -d 0/0 -p tcp --dport 9999 -j ACCEPT
and
-A INPUT -s 0/0 -d 0/0 -p tcp --dport 9999 -j LOG
or do I need to do something else?
Thanks
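Added example (not part of the original post): a small POSIX shell script that generates a minimal INPUT chain in iptables-restore format and shows the behaviour behind all three questions. The chain policy is set to DROP so that packets matching no rule are discarded; rules are evaluated top to bottom and the first terminating target (ACCEPT, DROP, REJECT) ends evaluation; LOG is non-terminating, so the LOG rule has to come before the ACCEPT for the same traffic or it never fires. Port 9999 comes from the post; the conntrack and limit matches are illustrative choices, and loading the ruleset requires root and only happens when `--apply` is passed.

```shell
#!/bin/sh
# Added example, not the poster's script. Generates (and optionally loads) a
# minimal INPUT chain illustrating default policy, first-match evaluation and
# the non-terminating LOG target. Port 9999 is taken from the post.

PORT=9999

# Emit the ruleset in iptables-restore(8) format. Lines starting with '#' are
# accepted as comments by iptables-restore.
gen_ruleset() {
    cat <<EOF
*filter
# Question 1: the chain POLICY is what happens when no rule matches.
# A policy of ACCEPT lets every unmatched packet in; DROP closes that hole.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host already established.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Questions 2 and 3: rules are checked top to bottom and evaluation stops at
# the first terminating target. LOG is non-terminating, so it must be placed
# BEFORE the ACCEPT; with ACCEPT first, the LOG rule would never be reached.
# The limit match keeps a flood of new connections from filling the log.
-A INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "port${PORT}-new: "
-A INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -j ACCEPT
# Anything that reaches the end of the chain falls through to the DROP policy.
COMMIT
EOF
}

# Return 0 when the LOG rule for $PORT precedes its ACCEPT rule in the
# generated ruleset, 1 otherwise (the ordering mistake from question 3).
rule_order_ok() {
    log_line=$(gen_ruleset | grep -n -- '-j LOG' | cut -d: -f1)
    acc_line=$(gen_ruleset | grep -n -- "--dport $PORT .*-j ACCEPT" | cut -d: -f1)
    [ -n "$log_line" ] && [ -n "$acc_line" ] && [ "$log_line" -lt "$acc_line" ]
}

# Return 0 when the INPUT policy is DROP (question 1), 1 otherwise.
default_policy_is_drop() {
    gen_ruleset | grep -q '^:INPUT DROP'
}

case "${1:-}" in
    --apply)
        [ "$(id -u)" -eq 0 ] || { echo "run as root to apply the ruleset" >&2; exit 1; }
        rule_order_ok || { echo "LOG rule must precede ACCEPT" >&2; exit 1; }
        gen_ruleset | iptables-restore
        ;;
    *)
        # Default: just print the ruleset for review.
        gen_ruleset
        ;;
esac
```

Run it without arguments to review the generated ruleset, or as root with `--apply` to load it atomically through `iptables-restore`. The order check is what catches the mistake in question 3: with the ACCEPT rule first, the packet is accepted and evaluation stops, so the LOG line is dead.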