iptables ACCEPT & REJECT
# 1  
Old 07-18-2013
iptables ACCEPT & REJECT

Hey everyone, something curious I found. I was studying up on iptables, and saw that my filter table has its INPUT chain set to accept all incoming packets... and then to reject all incoming packets. Am I reading this right? Take a look.

I couldn't format it properly, so I stuck it on a pastebin and attached the image


Obviously this doesn't make sense, and I don't see how it could possibly work.
# 2  
Old 07-18-2013
I have no idea why you'd take a screenshot of a pastebin service, then attach it. 5 steps and 211 kilobytes of data to post something 700 bytes in size that could've been done in 1 step.

Since you left the URL in the screenshot I can just grab and paste the text myself fortunately.

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The input chain does look a bit silly: an 'accept anything' rule followed by a 'reject everything'. I can imagine a braindead firewall generator making this, adding a 'reject the world' command as a matter of course that will never be reached. It doesn't hurt anything.
# 3  
Old 07-19-2013
lol, I had to do that because I couldn't put a link in the post... apparently I don't have enough 'points' on here... I could that out after I made the pastebin... too lazy to think of another solution

anyway... so the first rule, the default policy is used first and the reject policy is never used because of this?
# 4  
Old 07-19-2013
... and also it is against our forum guidelines to post links to pastebin services.....

... code should be cut-and-pasted in these forums... do not post external links to the code ....
# 5  
Old 07-19-2013
Quote:
Originally Posted by Lost in Cyberia
anyway... so the first rule, the default policy is used first and the reject policy is never used because of this?
Actually, the first rule is to allow all packets from established connections, that's what the "RELATED, ESTABLISHED" means. It's a sensible rule, it makes it harder to firewall yourself out by accident.

The next allows all ICMP packets. Again, no surprises.

The next allows everything. This is strange because it makes the next rule useless.

The last denies everything.
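The behaviour described in posts #2 and #5 (first matching rule wins, so the unconditional ACCEPT shadows the REJECT below it) can be checked mechanically. The script below is an added example, not code from the thread: it parses the `iptables -L` listing quoted above, walks the INPUT chain with first-match semantics for a few constructed packets, and reports rules that can never be reached. It only models the protocol column and the conntrack `state` match, which is sufficient here because every rule in the listing uses `anywhere` for both addresses; the `without_rule` helper is an assumed convenience for showing the chain with the catch-all ACCEPT removed.

```python
"""First-match walk over an `iptables -L` listing to find shadowed rules."""
import re
from dataclasses import dataclass

# The INPUT chain exactly as posted in the thread.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
"""


@dataclass
class Rule:
    target: str          # ACCEPT / REJECT / DROP ...
    proto: str           # 'all', 'tcp', 'udp', 'icmp'
    states: frozenset    # conntrack states matched; empty = no state match
    extra: str           # trailing text (match options or target options)


@dataclass
class Chain:
    name: str
    policy: str          # default verdict when no rule matches
    rules: list


def parse_listing(text):
    """Parse `iptables -L` output into Chain objects keyed by chain name."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = Chain(m.group(1), m.group(2), [])
            chains[current.name] = current
            continue
        if not line.strip() or line.startswith("target") or current is None:
            continue
        parts = line.split(None, 5)          # target prot opt src dst [extra]
        extra = parts[5] if len(parts) > 5 else ""
        sm = re.search(r"state (\S+)", extra)
        states = frozenset(sm.group(1).split(",")) if sm else frozenset()
        current.rules.append(Rule(parts[0], parts[1], states, extra))
    return chains


def matches(rule, packet):
    """Only protocol and conntrack state are modelled (all addresses are 'anywhere')."""
    proto_ok = rule.proto in ("all", packet["proto"])
    state_ok = not rule.states or packet["state"] in rule.states
    return proto_ok and state_ok


def verdict(chain, packet):
    """Return (verdict, index of the matching rule or None): first match wins."""
    for i, rule in enumerate(chain.rules):
        if matches(rule, packet):
            return rule.target, i
    return chain.policy, None


def unreachable_rules(chain):
    """Indices of rules shadowed by an earlier rule that has no match conditions."""
    for i, rule in enumerate(chain.rules):
        if rule.proto == "all" and not rule.states:      # catches every packet
            return list(range(i + 1, len(chain.rules)))
    return []


def without_rule(chain, index):
    """Copy of the chain with one rule removed (assumed helper for the demo)."""
    return Chain(chain.name, chain.policy,
                 [r for i, r in enumerate(chain.rules) if i != index])


if __name__ == "__main__":
    inp = parse_listing(LISTING)["INPUT"]
    new_tcp = {"proto": "tcp", "state": "NEW"}          # constructed inbound SYN
    print("as posted   :", verdict(inp, new_tcp), "unreachable:", unreachable_rules(inp))
    fixed = without_rule(inp, 2)                         # drop the catch-all ACCEPT
    print("without rule:", verdict(fixed, new_tcp), "unreachable:", unreachable_rules(fixed))
```

With the listing as posted, a new inbound TCP connection is accepted by rule index 2 and rule 3 (the REJECT) is reported unreachable; once the catch-all ACCEPT is removed, the same packet falls through to the REJECT, which is the ordering the generator presumably intended.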