  1. #1
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,561

    Absolute iptables beginners question


    I've been reading this tutorial and one thing confuses me slightly.

    Code:
    # iptables -P INPUT ACCEPT
    # iptables -F
    The first command sets the default policy for the input chain and the second drops all existing rules. It is implied in the tutorial that the first rule you set here is left in place by the flush.

    How does it know to ignore it? Does it leave all the default policies in place?

    These are probably really dumb questions but I'm asking them anyway
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    The Fifth Continent

  2. #2
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    The policy of a chain is simply what netfilter should do if a packet does not meet the rules you've specified. By setting it to accept you're saying, "allow any packets through that do not meet these rules". If you flush the rules, then this is basically the same as deleting each rule one by one until there are none left.

    By setting the policy to accept and then flushing the rules, it's telling netfilter to accept everything.

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,390
    To repeat and add:
    The default policy is handled a bit differently than your other rules.

    The basic idea is: If none of the defined rules match, do what the default policy says.
    Kind of like routing. If nothing else matches, use the default gw.

    The default policy is unaffected by flushes. It needs to be set explicitly.
    Which leads to the common error of setting a REJECT default (as it should be on a fw), and then flush: You are locked out.
    You must always face the curtain with a bow.
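
The ordering discussed in this thread, as an added example that is not part of any poster's reply: a POSIX shell sketch that models `iptables -F` on text in `iptables -S` format (so it runs without root), shows that `-P` policy lines survive the flush, and prints the policy-first command order that avoids the lockout. The sample ruleset and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: operates on `iptables -S` style text, never on the live firewall.

# Constructed sample: default-deny INPUT/FORWARD with two allow rules.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Model of `iptables -F`: every -A rule is deleted, -P policy lines stay as they are.
simulate_flush() {
    grep -E '^-P ' || true
}

# Print the built-in chains whose policy is not ACCEPT.
# Once the rules are gone, these chains refuse every packet.
non_accept_chains() {
    awk '$1 == "-P" && $3 != "ACCEPT" { print $2 }'
}

# Exit 0 if flushing this ruleset now would leave INPUT with no way in.
flush_locks_out() {
    simulate_flush | non_accept_chains | grep -qx 'INPUT'
}

# Print a flush sequence that is safe over a remote session:
# open the policies first, then flush (same order as the tutorial's two commands).
safe_flush_plan() {
    non_accept_chains | while read -r chain; do
        echo "iptables -P $chain ACCEPT"
    done
    echo "iptables -F"
}

echo "State after a bare flush (policies are still there):"
printf '%s\n' "$SAMPLE_RULES" | simulate_flush

if printf '%s\n' "$SAMPLE_RULES" | flush_locks_out; then
    echo "A bare 'iptables -F' would lock out remote access. Use instead:"
    printf '%s\n' "$SAMPLE_RULES" | safe_flush_plan
fi
```

On a real host the same functions can be fed from `iptables -S` run as root; the script only prints the plan and changes nothing itself.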

  4. #4
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,561
    Yeah that does make sense. And now I have my head around the differences, iptables rules are fairly straightforward.

    Quote: Originally Posted by Irithori
    The default policy is unaffected by flushes. It needs to be set explicitly.
    Which leads to the common error of setting a REJECT default (as it should be on a fw), and then flush: You are locked out.
    Which would be a bummer in a remote data centre

  5. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Here is another tutorial you can look through that is a bit more detailed.

    Iptables Tutorial

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #6
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,561
    Quote: Originally Posted by Lazydog
    Here is another tutorial you can look through that is a bit more detailed.

    Iptables Tutorial
    That's a fair bit of reading and has been bookmarked for future consumption.
