which one is executed first ip_forward=1 or iptables FORWARD Drop

abd_bela · 06-13-2019, 04:06 AM

Hi,
I am using one machine, say SERV, as a gateway ( cards eth0, eth1) from network1 to network2, I want to forward all packets but tcp port 80 so I used
sysctl -w net.ipv4.ip_forward=1
I want to drop port 80, and accept others port
I tryed

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j DROP

but not ran

Thanks for help
regards

berndbausch · 06-13-2019, 09:20 AM

Please provide a problem description. The iptables command didn’t run? Or port 80 packets are not dropped? Or other packets are not forwarded? Or another problem?

Also check your routing and general IP configuration.

vincix · 06-13-2019, 04:10 PM

The ip_forward of sysctl is not executed, it's simply telling the system whether to enable ip forwarding or not. Without it
you simply cannot forward packets. It's not about which is executed first.

But I agree with berndbausch, you should at least write a basic description of the problem.