LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-04-2002, 02:35 AM   #1
Half_Elf
LQ Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 46
How Iptables works


I have few questions about how iptables works.
I writed some iptables script but I just discover (myself) a real security hole in my own firewall script. Because of that I have some questions

Here are my questions:
1-I want to know.. what exactly iptables do if he doesn't find a suitable rules? I think he is allowing the trafic, but can I change this? Can I add an option to block all "not ruled" incoming trafic?

2-If 2 rules say the same things but do not "do" the same thing with the trafic, what will happen?
Example:
-A INPUT -s 0/0 -d 0/0 -p --dport 9999 -j ACCEPT
and
-A INPUT -s 0/0 -d 0/0 -p --dport 9999 -j DROP

Will Iptables drop the trafic or will it "stop checking" after the first matching rules ?

3-Depending of the answer of the last question.... Can I accept and log connection with two line like this :
-A INPUT -s 0/0 -d 0/0 -p --dport 9999 -j ACCEPT
and
-A INPUT -s 0/0 -d 0/0 -p --dport 9999 -j LOG
or do I need to do something else?


Thanx
 
Old 07-04-2002, 11:00 AM   #2
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
The first rule will be used, you should always put the accept rules first then the drop or deny rule for everything else
The logging is usually placed in between the accept rule and the drop rule,
the packets that get past the accept rule will be logged and then dropped.

It is not really a great idea to log everything so it makes sense to log the dropped or denied packets for sercurity reasons.

If you really want to log accepted packets then you should be able to put the log rule first.
 
Old 07-04-2002, 04:25 PM   #3
Half_Elf
LQ Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Original Poster
Rep: Reputation: 46
Ahhhh thanks
Can I log some rules in a files instead of these annoying dmesg progs??
 
Old 07-05-2002, 01:48 AM   #4
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
it is setup in /etc/syslog.conf


it goes to kern priority level 4

I think most systems will see it in /var/log/messages or the console

Last edited by DavidPhillips; 07-05-2002 at 02:13 AM.
 
Old 07-10-2002, 06:24 PM   #5
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Rep: Reputation: 30
Just to answer your first question. If there is no suitable rule found then IPTABLES reverts to the policy rule. When you do a IPTABLES -L command the name of the chain followed by the policy is displayed (ex INPUT(DROP) ) means that if no rules match an incoming packet then the packet is dropped.
To set policies just put these three lines at the beginning of your firewall script.

IPTABLES -P INPUT DROP
IPTABLES -P OUTPUT DROP
IPTABLES -P FORWARD DROP

That should tighten your box slightly
 
Old 07-11-2002, 09:03 PM   #6
Half_Elf
LQ Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Original Poster
Rep: Reputation: 46
hum Thanx, I will play with these new rules
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Mounting works, playing music works, reading tags doesn't Celettu Linux - Newbie 7 08-23-2006 12:27 PM
my new iptables firewall, everything works except for FTP kawdk Linux - Networking 2 08-01-2004 04:47 AM
bittorrent / iptables (?) problem (works more or less :x) nei Linux - Networking 2 03-31-2004 06:34 AM
iptables works fine but not after boot wslogue Linux - Security 2 11-24-2003 09:51 AM
IpTables port forwarding works but cant get out acdcbag Linux - Networking 1 11-08-2001 03:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration