LinuxQuestions.org


abd_bela 06-13-2019 04:06 AM

which one is executed first ip_forward=1 or iptables FORWARD Drop
 
Hi,
I am using one machine, say SERV, as a gateway (cards eth0, eth1) from network1 to network2. I want to forward all packets but tcp port 80, so I used
sysctl -w net.ipv4.ip_forward=1
I want to drop port 80, and accept other ports.
I tried

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j DROP

but it did not run

Thanks for help
regards

berndbausch 06-13-2019 09:20 AM

Please provide a problem description. The iptables command didn’t run? Or port 80 packets are not dropped? Or other packets are not forwarded? Or another problem?

Also check your routing and general IP configuration.

vincix 06-13-2019 04:10 PM

The ip_forward of sysctl is not executed, it's simply telling the system whether to enable ip forwarding or not. Without it you simply cannot forward packets. It's not about which is executed first.

But I agree with berndbausch, you should at least write a basic description of the problem.
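
The relationship described in this thread, as an added example that is not part of any post: the sysctl is a switch checked at routing time, and the FORWARD chain is only consulted for packets the kernel has agreed to route. The function name `forward_verdict`, the ACCEPT policy and the sample listing are assumptions constructed for illustration; the matcher understands only `-i`, `-o`, `-p` and `--dport`.

```shell
#!/bin/sh
# Constructed sample in `iptables -S FORWARD` format: an assumed ACCEPT
# policy plus the rule from the question.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 80 -j DROP'

# forward_verdict IP_FORWARD RULES IN_IF OUT_IF PROTO DPORT
# Prints what happens to a packet that arrives on IN_IF and must leave on OUT_IF.
forward_verdict() {
    fwd=$1; rules=$2; pin=$3; pout=$4; pproto=$5; pdport=$6
    # ip_forward=0: the kernel does not route the packet at all, so the
    # FORWARD chain is never reached and its rules are irrelevant.
    if [ "$fwd" != 1 ]; then echo "NOT_ROUTED"; return; fi
    policy=ACCEPT
    verdict=
    while IFS= read -r line; do
        set -- $line
        case $1 in
            -P) policy=$3; continue ;;   # chain policy: used if no rule matches
            -A) shift 2 ;;               # skip "-A FORWARD"
            *)  continue ;;
        esac
        match=1; target=
        while [ $# -gt 0 ]; do
            case $1 in
                -i)      [ "$2" = "$pin" ]    || match=0; shift 2 ;;
                -o)      [ "$2" = "$pout" ]   || match=0; shift 2 ;;
                -p)      [ "$2" = "$pproto" ] || match=0; shift 2 ;;
                --dport) [ "$2" = "$pdport" ] || match=0; shift 2 ;;
                -j)      target=$2; shift 2 ;;
                -m)      shift 2 ;;          # match-module name, nothing to compare
                *)       shift ;;
            esac
        done
        # The first matching rule with a terminating target decides.
        if [ "$match" = 1 ] && [ -n "$target" ]; then verdict=$target; break; fi
    done <<EOF
$rules
EOF
    echo "${verdict:-$policy}"
}

forward_verdict 0 "$SAMPLE_RULES" eth1 eth0 tcp 80
forward_verdict 1 "$SAMPLE_RULES" eth1 eth0 tcp 80
forward_verdict 1 "$SAMPLE_RULES" eth1 eth0 tcp 443
```

On a live gateway the two inputs come from `sysctl net.ipv4.ip_forward` and `iptables -S FORWARD`, and the packet counters in `iptables -L FORWARD -v -n` show whether a rule is actually being hit.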

