- 01-24-2013 #1
Absolute iptables beginners question
I've been reading this tutorial and one thing confuses me slightly.
Code:
# iptables -P INPUT ACCEPT
# iptables -F
The first command sets the default policy for the input chain and the second drops all existing rules. It is implied in the tutorial that the first rule you set here is left in place by the flush.
How does it know to ignore it? Does it leave all the default policies in place?
These are probably really dumb questions but I'm asking them anyway
If we hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate! (Zapp Brannigan)
My new blog. It's probably not as good as I think it is.
The Fifth Continent reborn
- 01-24-2013 #2
The policy of a chain is simply what netfilter should do if a packet does not meet the rules you've specified. By setting it to accept you're saying, "allow any packets through that do not meet these rules". If you flush the rules, then this is basically the same as deleting each rule one by one until there are none left.
By setting the policy to accept and then flushing the rules, it's telling netfilter to accept everything.
Great GNU/Linux references and resources:
The Linux Documentation Project
Rute User's Tutorial and Exposition
GNU/Linux Man Pages
- 01-24-2013 #3
To repeat and add:
The default policy is handled a bit differently than your other rules.
The basic idea is: If none of the defined rules match, do what the default policy says.
Kind of like routing. If nothing else matches, use the default gw.
The default policy is unaffected by flushes. It needs to be set explicitly.
Which leads to the common error of setting a REJECT default (as it should be on a fw), and then flush: You are locked out.
You must always face the curtain with a bow.
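The behaviour discussed in this thread, as an added example that is not part of any post: it works on text in the format printed by `iptables -S`, shows what a flush leaves behind, and prints the commands in the tutorial's policy-first order. The sample ruleset, the `LOGDROP` chain and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: operates on `iptables -S` style text; never calls iptables.

# Constructed sample ruleset (not from the thread): default-deny INPUT with
# an SSH allow rule and one user-defined chain.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N LOGDROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j DROP'

# after_flush: ruleset on stdin -> what remains after `iptables -F`.
# -F deletes every -A rule; -P policies and -N user chains survive.
after_flush() {
    awk '$1 == "-P" || $1 == "-N"'
}

# closed_chains: built-in chains whose policy is not ACCEPT, one per line.
# Once the rules are gone, every packet in these chains hits that policy.
closed_chains() {
    awk '$1 == "-P" && $3 != "ACCEPT" { print $2 }'
}

# flush_plan: commands in the tutorial's order (policy first, then flush).
# Only INPUT and OUTPUT carry the admin's own session, so only those
# policies are opened before the flush.
flush_plan() {
    for chain in $(closed_chains); do
        case "$chain" in
            INPUT|OUTPUT) echo "iptables -P $chain ACCEPT" ;;
        esac
    done
    echo "iptables -F"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | flush_plan
```

On a live system the same functions can be fed from `iptables -S` instead of the sample variable.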
- 01-24-2013 #4
- 01-24-2013 #5
Here is another tutorial you can look through that is a bit more detailed.
Iptables Tutorial
- 01-24-2013 #6