Is possible to configure multiple interfaces in one rule in/out for default and custom chains?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm not the world's expert on this by any means, but at 555 views and no answers, let me call it.
It's not good to do as you suggest. Stick to 1 interface, one address range, one instruction. Read the configuration man page, e.g. 'man iptables.conf' or download internet examples. Test your results by connecting your nic to another pc, giving it a static ip of your choice, and sending packets.
The resulting config will also be easier to read, and edit. Group things intelligently. If it's firewall rules, you can rest assured you will be back, and it's good to at least start with an easy-to-read file.
I (not the world's expert on this by any means) also thought the standard order was
allow this
allow that
allow the other
deny all
which ensures that everything you haven't thought of gets blocked. I'd really suggest you read some more, and get a feel for it yourself.
I (not the world's expert on this by any means) also thought the standard order was
allow this
allow that
allow the other
deny all
It's sometimes better to specify a drop before and after the accept (if they are added to chain, if they are injected to chain that's a different story).
Mine have always looked something like this:
- many multiport, iprange, and protocol drops.
- couple of wide range statefull accepts
- drop all
And for the OP: may be possible but never really looked into it, personally I just specify separate rules for each interface.
It's sometimes better to specify a drop before and after the accept (if they are added to chain, if they are injected to chain that's a different story).
sudo iptables -A FORWARD -i eth1, vlan350 -o eth3, vlan351 -j DanM_test1 -> eth1, vlan350, eth3, vlan351 are different interfaces
I'm receiving:
Bad argument `vlan350'
Try `iptables -h' or 'iptables --help' for more information.
Assuming you copy-pasted the exact command I think the specific issue here causing the error message is that your interfaces aren't comma separated, they are separated by comma and space. So iptables sees vlan350 as a separate argument and hence reports bad argument.
As for specifying multiple interfaces in one go, I don't see a problem.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
, is a hard scenario indeed and we figure out what was needed for our scenario.
