Subject: LUG: iptables question
From: "Daniel Underwood" <daniel.underwood@ncsu.[redacted]>
Date: Wed, 29 Apr 2009 19:11:46 -0400
Hey folks,
System: Ubuntu 9.04 (kernel 2.6.28-11-generic) / iptables v1.4.1.1
Here is a script executed at boot time:
#!/bin/bash
iptables -F
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
After booting and logging in,
$ sudo iptables -L
returns the following:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
What's puzzling me is the rule number 2 in the INPUT chain. To me, it
seems to basically invert the chain policy from "drop everything" to
"accept everything". Whatever the effect, I definitely don't see why
rule number 2 is there.
My best guess is that the loopback interface rule is somehow being
transmogrified--and, no, I've never used that word before! The interface
"lo" does exist, of course, and is indeed my loopback interface.
Any ideas?
Thanks in advance!
Daniel
--
Daniel Underwood
North Carolina State University
Graduate Student - Operations Research
email: daniel.underwood@ncsu.[redacted]
phone: XXX.302.3291
web: http://www4.ncsu.edu/~djunderw/
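An added example, not part of the original post: `iptables -L` without `-v` omits the in/out interface columns, so a rule created with `-i lo -j ACCEPT` is listed as a bare "ACCEPT all -- anywhere anywhere". The Python below parses a constructed `iptables -S` listing (which prints each rule as the options that created it) corresponding to the script in the post, and flags only those ACCEPT rules in a DROP-policy chain that carry no match at all, i.e. rules that genuinely would invert the policy. The flag/value parsing is simplified and assumes every option takes one argument.

```python
import shlex
from dataclasses import dataclass, field

# Constructed sample of `iptables -S` output for the boot script in the post.
SAMPLE_IPTABLES_S = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
"""

@dataclass
class Rule:
    chain: str
    target: str
    # option -> value, e.g. {"-i": "lo"} or {"--state": "RELATED,ESTABLISHED"}
    matches: dict = field(default_factory=dict)

def parse_iptables_s(text):
    """Return (policies, rules) from `iptables -S` style output.
    Simplified: every option is assumed to take exactly one argument."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":                      # chain policy
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":                    # appended rule
            chain, target, matches = tok[1], None, {}
            for i in range(2, len(tok) - 1, 2):
                if tok[i] == "-j":
                    target = tok[i + 1]
                elif tok[i] != "-m":            # "-m state" only loads a module
                    matches[tok[i]] = tok[i + 1]
            rules.append(Rule(chain, target, matches))
    return policies, rules

def unconditional_accepts(policies, rules):
    """ACCEPT rules in a DROP-policy chain with no match restriction at all."""
    return [r for r in rules
            if policies.get(r.chain) == "DROP"
            and r.target == "ACCEPT" and not r.matches]

def describe(rules):
    """One line per rule, showing the matches that `iptables -L` hides."""
    return ["%s %s %s" % (r.chain, r.target,
            " ".join("%s %s" % kv for kv in sorted(r.matches.items())) or "(no match)")
            for r in rules]
```

On the post's ruleset nothing is flagged, because the second INPUT rule is restricted to the `lo` interface even though the `-L` listing does not show it.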