Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-13-2019, 04:06 AM   #1
Registered: Dec 2002
Location: algeria
Distribution: redhat 7.3, debian lenny
Posts: 623

Rep: Reputation: 31
which one is executed first ip_forward=1 or iptables FORWARD Drop

I am using one machine, say SERV, as a gateway ( cards eth0, eth1) from network1 to network2, I want to forward all packets but tcp port 80 so I used
sysctl -w net.ipv4.ip_forward=1
I want to drop port 80, and accept others port
I tryed

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j DROP

but not ran

Thanks for help
Old 06-13-2019, 09:20 AM   #2
Senior Member
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora, Alpine, Cirros, OpenSuse/SLES
Posts: 3,455

Rep: Reputation: 905Reputation: 905Reputation: 905Reputation: 905Reputation: 905Reputation: 905Reputation: 905Reputation: 905
Please provide a problem description. The iptables command didn’t run? Or port 80 packets are not dropped? Or other packets are not forwarded? Or another problem?

Also check your routing and general IP configuration.
Old 06-13-2019, 04:10 PM   #3
Senior Member
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,032

Rep: Reputation: 76
The ip_forward of sysctl is not executed, it's simply telling the system whether to enable ip forwarding or not. Without it
you simply cannot forward packets. It's not about which is executed first.

But I agree with berndbausch, you should at least write a basic description of the problem.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Is it necessary to drop specific flags in IPTABLES with an INPUT DROP policy? rootaccess Linux - Networking 5 08-22-2012 08:10 PM
[SOLVED] Configured Cron job executed every hour is instead executed every minute for 10m markings Linux - Software 4 05-13-2012 05:43 PM
Netfilter kernel module hook at PREROUTING forward packet use ip_forward(sk_buff) lukeshih Programming 0 11-18-2010 03:35 AM
[SOLVED] Xwindow's program will not run when executed on boot or when executed remotely richman1234 Programming 2 10-08-2010 01:32 PM
iptables - drop all -> allow needed OR allow all -> drop specific lucastic Linux - Security 5 12-21-2004 02:07 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:26 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration