Restricting outside access to certain ports
Mon, 16 Jul 2001 09:24:45 -0400
Yes, the default policy is accept, but these are ports that ARE explicitly
set to be passed to another chain, and that chain will either accept (if
the port is allowed) or drop the packet if this port isn't specified, and
it's not doing that.
I guess the core of my question is this, does the Forward chain actually do
any checking (specifically port checking) or is it only there for policy
usage (stopping all traffic or allowing all traffic)?
"Andrew Heberle" <email@example.com> on 07/14/2001 12:49:43 AM
To: Chris Burkhart/ABP/AuBonPain, firstname.lastname@example.org
Subject: Re: Restricting outside access to certain ports
> Now, the problem is that it passes EVERY packet.. regardless of what port
> it's on. Does this type of checking work properly in IPTables? Do I
Have you set the default policy of the FORWARD chain to DROP or REJECT?
Remember that the default policy starts of being ACCEPT so anything no
explicitly denied (DROPped or REJECTed) will be ACCEPTed.
To set the default policy on a built-in chain do this:
$iptables -P $chain $target