Re: cleaning up my firewall script...

To: debian-firewall@lists.debian.org
Subject: Re: cleaning up my firewall script...
From: Bjoern Schmidt <bj-schmidt@uni-paderborn.de>
Date: Mon, 09 Feb 2004 01:12:08 +0100
Message-id: <[🔎] 4026D058.1000803@uni-paderborn.de>
In-reply-to: <1076266167.6890.67.camel@laptop.richard>
References: <[🔎] 40267F4B.5060008@uni-paderborn.de> <1076266167.6890.67.camel@laptop.richard>

Richard Verwayen wrote:

Hello Bjoern,


Hello Richard,


you are right! There is no need for them!

i removed the last three lines. Since then the kernel used the INPUTchain policy two times to drop packets:


iptables -vL

Chain INPUT (policy DROP 2 packets, 316 bytes)

pkts bytes target prot opt in out sourcedestination223K 39M ACCEPT all -- any any anywhereanywhere state RELATED,ESTABLISHED1134 58488 LAN all -- eth0 any anywhereanywhere state NEW45 2714 LOOPBACK all -- lo any anywhereanywhere0 0 DSL_IN tcp -- ppp0 any anywhereanywhere state NEW tcp dpt:ssh0 0 DSL_IN tcp -- ppp0 any anywhereanywhere state NEW tcp dpt:auth78 4902 SHRED all -- any any anywhereanywhere


The last rule in this chain is:

finish_rules()
{
        iptables -N SHRED
        iptables -A INPUT   -j SHRED
        iptables -A SHRED   -j ULOG
        iptables -A SHRED   -j DROP
}

This rule should match on all packets so that the chain
policy will never be used, but it does not work correctly.
Where is the mistake?


--
Greetings
Bjoern Schmidt

Reply to:

Follow-Ups:
- Re: cleaning up my firewall script...
  - From: Mike Mestnik <cheako911@yahoo.com>
- Re: cleaning up my firewall script...
  - From: Pieter Smit <debian-firewall@vigor.co.za>

References:
- cleaning up my firewall script...
  - From: Bjoern Schmidt <bj-schmidt@uni-paderborn.de>

Prev by Date: Re: cleaning up my firewall script...
Next by Date: Re: cleaning up my firewall script...
Previous by thread: Re: cleaning up my firewall script...
Next by thread: Re: cleaning up my firewall script...
Index(es):
- Date
- Thread