08-02-2014
iptables Confusion
Hi all,
I am looking to get a few questions answered but I am having trouble finding an answer to these specific questions online.
1. Order of operations: There are plenty of fancy diagrams online that illustrate the order of operations for IPTables (Raw before Mangle, for example), but what I cannot find an answer to is this: if, for example, the MANGLE PREROUTING chain had a rule to ACCEPT packets destined to 4.2.2.2, would the packet still be subject to the remaining tables? I.e., would that packet then be examined by the NAT table, then the filter table, and their set of chains and rules? Or once an accept/permit is determined, is the packet good to go and no longer subject to further processing?
2. I am used to Vendor-based Firewall solutions such as Cisco, FortiGate, Palo Alto and such. All of these Firewalls have an IMPLICIT deny, but as far as I can tell, IPTables does not - is this correct? It looks as though an Implicit ACCEPT is the norm.
Thank you for your time!
Kyle
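The second question above concerns whether iptables has an implicit deny. What follows is an added example, not part of the original thread or any reply to it. Netfilter's built-in chains start with policy ACCEPT, so a deny exists only where the administrator configures one: either a DROP policy on the chain or an unconditional DROP/REJECT as its last rule. The script below audits an iptables-save dump for filter chains that still rely on the ACCEPT policy. The dump embedded in it is constructed for illustration, not captured from any real host; the mangle MARK rule, the SSH_IN chain and 192.0.2.0/24 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: audit an iptables-save dump for
# built-in filter chains that still "implicitly accept". Built-in chains ship
# with policy ACCEPT, so the only deny is the one you configure, either with
# `iptables -P INPUT DROP` or an unconditional `-j DROP`/`-j REJECT` as the
# last rule of the chain.
#
# Usage on a real host (as root):  implicit_accept_chains "$(iptables-save)"
# Usage on a saved dump:           implicit_accept_chains "$(cat dump.txt)"

# Print "filter/CHAIN: ..." for every built-in filter chain whose policy is
# ACCEPT and whose last rule is not an unconditional DROP or REJECT.
# Takes the dump as $1, or reads it from stdin when no argument is given.
implicit_accept_chains() {
    if [ $# -gt 0 ]; then printf '%s\n' "$1"; else cat; fi | awk '
        /^\*/             { table = substr($0, 2); next }   # *filter, *nat, ...
        /^COMMIT/         { table = ""; next }
        table != "filter" { next }                          # only filter decides pass/drop
        $1 ~ /^:/ {                                         # ":INPUT ACCEPT [0:0]"
            chain = substr($1, 2); policy[chain] = $2; next
        }
        $1 == "-A" {                                        # "-A CHAIN ... -j TARGET"
            # unconditional only when the rule carries no match: "-A CHAIN -j DROP"
            last[$2] = ($3 == "-j" && $4 ~ /^(DROP|REJECT)$/) ? "deny" : "other"
            next
        }
        END {
            for (c in policy)
                if (policy[c] == "ACCEPT" && last[c] != "deny")
                    print "filter/" c ": policy ACCEPT with no final DROP/REJECT"
        }' | sort
}

# Constructed sample dump (not from any real host). INPUT ends with an explicit
# deny, FORWARD has a DROP policy, OUTPUT relies on the ACCEPT policy alone.
SAMPLE_DUMP='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j MARK --set-mark 6
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_IN - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j SSH_IN
-A INPUT -j DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A OUTPUT -j ACCEPT
-A SSH_IN -s 192.0.2.0/24 -j ACCEPT
COMMIT'

# Audit the sample: only OUTPUT should be reported.
implicit_accept_chains "$SAMPLE_DUMP"
```

The check deliberately looks only at the filter table; nat, mangle and raw chains carry policy ACCEPT as a matter of course, since they are not where a packet is finally allowed or dropped. A rule such as `-A INPUT -p tcp --dport 22 -j DROP` at the end of a chain does not count as a catch-all, because it still carries a match.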
Firewall mark classifier in tc(8)
NAME
fw - fwmark traffic control filter
SYNOPSIS
tc filter ... fw [ classid CLASSID ] [ action ACTION_SPEC ]
DESCRIPTION
The fw filter classifies packets based on an fwmark previously set by iptables. If the mark is identical to the filter's handle, the filter matches. iptables can mark individual packets with the MARK target, or whole connections using CONNMARK. The benefit of using this filter instead of doing the heavy lifting in tc itself is that, on one hand, it can be convenient to keep packet filtering and classification in one place, possibly having to match a packet only once, and on the other, users familiar with iptables but not tc will have an easier time adding QoS to their setups.
OPTIONS
classid CLASSID
Push matching packets to the class identified by CLASSID.
action ACTION_SPEC
Apply an action from the generic actions framework on matching packets.
EXAMPLES
For example, the following tc filter statement:
tc filter add ... handle 6 fw classid 1:1
will match if the packet's fwmark value is 6. This is a matching iptables statement that marks packets coming in on eth0:
iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6
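The two statements above only work together when the MARK value and the fw filter's handle are the same number, and the mark is set before tc classifies the packet on egress. The script below is an added example, not from iproute2 or this man page: it pairs the MARK rule and fw filter into one dry-run script and adds the explicit default deny in the filter table that the earlier forum question asks about. Assumed, not from the page: eth0 is the interface where packets are marked, eth1 is the interface whose egress qdisc shapes them, an HTB qdisc with two classes, and 192.0.2.0/24 as the network allowed to reach SSH.

```shell
#!/bin/sh
# Added example, not from iproute2 or this man page: the MARK/fw pairing from
# the EXAMPLES section as a complete script, plus an explicit default deny in
# the filter table. Dry run by default (commands are printed, not executed);
# run with APPLY=1 as root on a Linux host with iptables and tc to load them.
#
# Assumed (not from the page): eth0 is the side where packets are marked,
# eth1 is the side whose egress qdisc shapes them, an HTB qdisc at 10mbit,
# and 192.0.2.0/24 as the network allowed to reach SSH.

IN_IFACE=${IN_IFACE:-eth0}
OUT_IFACE=${OUT_IFACE:-eth1}
MARK=6                      # must equal the tc fw filter's handle below
ADMIN_NET=192.0.2.0/24

# Print each command; execute it only when APPLY=1.
run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Stage 1: mangle PREROUTING. A MARK (or an ACCEPT) here ends traversal of this
# chain only; the packet still passes nat PREROUTING, the routing decision and
# the filter table, which is where it is finally allowed or dropped.
setup_marking() {
    run iptables -t mangle -A PREROUTING -i "$IN_IFACE" -j MARK --set-mark "$MARK"
}

# Stage 2: tc sees the mark on egress. The fw filter matches when the packet's
# fwmark equals its handle, so the handle is the same number as --set-mark.
# Unmarked traffic falls into class 1:2 via "default 2".
setup_qos() {
    run tc qdisc add dev "$OUT_IFACE" root handle 1: htb default 2
    run tc class add dev "$OUT_IFACE" parent 1: classid 1:1 htb rate 8mbit ceil 10mbit
    run tc class add dev "$OUT_IFACE" parent 1: classid 1:2 htb rate 2mbit ceil 10mbit
    run tc filter add dev "$OUT_IFACE" parent 1: handle "$MARK" fw classid 1:1
}

# Stage 3: filter table. Built-in chains start with policy ACCEPT, so nothing
# is denied until you say so. Add the allow rules first and flip the policy
# last, so a live SSH session is not cut off between the two steps.
setup_filter() {
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -p tcp --dport 22 -s "$ADMIN_NET" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
}

setup_marking
setup_qos
setup_filter
```

Running the script without APPLY prints the exact commands in the order they would be issued, which is a cheap way to review a ruleset before loading it; `iptables-save` afterwards shows the same rules in the dump format.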
SEE ALSO
tc(8), iptables(8), iptables-extensions(8)
iproute2 21 Oct 2015 Firewall mark classifier in tc(8)