| From | linux_forum1 <linux_forum1@protonmail.com> |
|---|---|
| Newsgroups | linux.debian.maint.firewall |
| Subject | Is this even POSSIBLE? |
| Date | 2022-01-06 19:00 +0100 |
| Message-ID | <DCFdn-2RA-1@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Hello, I have 2 questions if that's OK.

```
INPUT DROP
FORWARD DROP
OUTPUT DROP
-N Block
-N Logger
-A INPUT -j Block
-A Block -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j Logger
-A Logger -j LOG --log-level 4
-A Logger -j DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
```

There will be more rules in Block, but I just want to understand the logic.

1.) How is -A INPUT -j Block possible before there are any rules appended to Block, does that mean iptables first searches and assembles all rules that belong to custom chains regardless of order? Same for Logger.

2.) Would this be OK to log and drop all rules in Block? I am worried because there are four jumps, INPUT -> Block -> Logger -> LOG -> Logger -> DROP
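Added example, not part of the original post: a small Python model of how the posted ruleset is walked for each packet, showing that chains are followed at packet time (so a chain only has to exist via `-N` before a rule jumps to it) and that `LOG` does not end traversal. It assumes the `INPUT DROP` line is the chain policy; the packet fields `iface`, `proto` and `flags` are names made up for this model.

```python
# Constructed model of the ruleset from the post; this is not iptables code.
# Assumption: "INPUT DROP" in the post is the chain policy (-P INPUT DROP).
POLICY = {"INPUT": "DROP"}

def always(pkt):
    return True

def from_lo(pkt):
    return pkt.get("iface") == "lo"

def syn_fin(pkt):
    # -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN: both flags must be set
    return pkt.get("proto") == "tcp" and {"SYN", "FIN"} <= pkt.get("flags", set())

# Each chain is an ordered list of (match, target), in the order appended.
CHAINS = {
    "INPUT": [(always, "Block"), (from_lo, "ACCEPT")],
    "Block": [(syn_fin, "Logger")],
    "Logger": [(always, "LOG"), (always, "DROP")],
}

def traverse(pkt, chain="INPUT", trace=None):
    """Return (verdict, trace); verdict is None when a user chain falls through."""
    trace = [] if trace is None else trace
    trace.append(chain)
    for match, target in CHAINS[chain]:
        if not match(pkt):
            continue
        if target == "LOG":                  # non-terminating: log, keep going
            trace.append("LOG")
        elif target in ("ACCEPT", "DROP"):   # terminating verdict
            trace.append(target)
            return target, trace
        else:                                # jump into a user-defined chain
            verdict, _ = traverse(pkt, target, trace)
            if verdict is not None:
                return verdict, trace
            trace.append("return->" + chain)  # chain ended, resume the caller
    if chain in POLICY:                      # only built-in chains have a policy
        trace.append("policy " + POLICY[chain])
        return POLICY[chain], trace
    return None, trace
```

In this model a SYN+FIN packet arriving on `lo` is logged and dropped as well, because the jump to Block is appended to INPUT before the `lo` ACCEPT rule.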