When do the rule apply?
Andy Smith
andy at strugglers.net
Wed Jun 15 22:10:07 CEST 2005
On Wed, Jun 15, 2005 at 10:01:54PM +0200, Alexander Salmin wrote:
> Hi, I guess this question is just a silly one for experts, but I can't
> find the answer anywhere so I'm asking you guys.
>
> In what order do the assigned rules apply in this script?
>
> # Example1
> iptables -A INPUT -j DROP # rule #1
> iptables -A INPUT --dport 80 -j ACCEPT # rule #2
>
> #Example2
> iptables -A INPUT --dport 80 -j ACCEPT # rule1
> iptables -A INPUT -j DROP # rule2

They apply in the order you've issued them since they are operating
on INPUT and they are appending.

> Will the both examples produce the same result?

No; example1 drops everything to INPUT with rule 2 never being
reached, but example2 would ACCEPT packets to port 80.. although
wouldn't that be a syntax error without at least -p tcp or -p udp to
tell it that it is something that has ports?

> Or will rule2 in example 2 make rule1 in example2 vanish because it's
> telling the system to drop all?

No, rules don't affect other rules. They may not be reached however.
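
The following is an added example, not part of the original message or of netfilter's code: a small Python model of first-match evaluation over appended rules, run on the two examples from the question. It assumes -p tcp is added to the port 80 rule and a default chain policy of ACCEPT; the function names, the sample packets and the restriction to the -A, -p, --dport and -j options are choices made for this illustration.

```python
TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end chain traversal
FLAGS = {"-A": "chain", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Parse a small subset of `iptables -A ...` (illustrative, not a full parser)."""
    args = line.split("#")[0].split()[1:]  # drop trailing comment and "iptables"
    rule = dict.fromkeys(FLAGS.values())
    for flag, value in zip(args[0::2], args[1::2]):
        if flag not in FLAGS:
            raise ValueError(f"unsupported option: {flag}")
        rule[FLAGS[flag]] = value
    if rule["dport"] is not None:
        if rule["proto"] not in ("tcp", "udp"):
            # A port only means something once the protocol is known.
            raise ValueError("--dport needs -p tcp or -p udp")
        rule["dport"] = int(rule["dport"])
    return rule

def build_chain(lines):
    """-A appends, so chain order is the order the commands were issued."""
    return [parse_rule(line) for line in lines]

def matches(rule, pkt):
    return ((rule["proto"] is None or rule["proto"] == pkt["proto"]) and
            (rule["dport"] is None or rule["dport"] == pkt["dport"]))

def verdict(chain, pkt, policy="ACCEPT"):
    """The first matching terminating rule decides; otherwise the chain policy."""
    for rule in chain:
        if matches(rule, pkt) and rule["target"] in TERMINAL:
            return rule["target"]
    return policy

def unreachable(chain):
    """1-based positions of rules that follow an unconditional terminating rule."""
    for i, rule in enumerate(chain):
        if rule["proto"] is None and rule["dport"] is None and rule["target"] in TERMINAL:
            return list(range(i + 2, len(chain) + 1))
    return []

# Constructed inputs: the question's two examples, with -p tcp added.
EXAMPLE1 = ["iptables -A INPUT -j DROP", "iptables -A INPUT -p tcp --dport 80 -j ACCEPT"]
EXAMPLE2 = ["iptables -A INPUT -p tcp --dport 80 -j ACCEPT", "iptables -A INPUT -j DROP"]
HTTP = {"proto": "tcp", "dport": 80}
SSH = {"proto": "tcp", "dport": 22}

if __name__ == "__main__":
    for name, lines in (("example1", EXAMPLE1), ("example2", EXAMPLE2)):
        chain = build_chain(lines)
        print(name, "http:", verdict(chain, HTTP), "ssh:", verdict(chain, SSH),
              "unreachable rules:", unreachable(chain))
```

The unreachable() check is the useful part when auditing a ruleset: any rule it reports can never match traffic, whatever that rule says.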