Re: cleaning up my firewall script...
Richard Verwayen wrote:
Hello Bjoern,
Hello Richard,
you are right! There is no need for them!
I removed the last three lines. Since then, the kernel has used the INPUT
chain policy two times to drop packets:
iptables -vL
Chain INPUT (policy DROP 2 packets, 316 bytes)
 pkts bytes target   prot opt in   out  source    destination
 223K   39M ACCEPT   all  --  any  any  anywhere  anywhere     state RELATED,ESTABLISHED
 1134 58488 LAN      all  --  eth0 any  anywhere  anywhere     state NEW
   45  2714 LOOPBACK all  --  lo   any  anywhere  anywhere
    0     0 DSL_IN   tcp  --  ppp0 any  anywhere  anywhere     state NEW tcp dpt:ssh
    0     0 DSL_IN   tcp  --  ppp0 any  anywhere  anywhere     state NEW tcp dpt:auth
   78  4902 SHRED    all  --  any  any  anywhere  anywhere
The last rule in this chain is:
finish_rules()
{
    iptables -N SHRED
    iptables -A INPUT -j SHRED
    iptables -A SHRED -j ULOG   # ULOG only logs; it is non-terminating
    iptables -A SHRED -j DROP   # so every packet that reaches SHRED is dropped here
}
This rule should match all packets, so that the chain policy is never
used, but it does not work correctly.
Where is the mistake?
--
Greetings
Bjoern Schmidt
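The counters above fit a rule set that is correct now but was not yet complete when the two packets arrived: the chain policy is consulted only for a packet that reaches the end of INPUT without hitting a terminating target, and the policy counter is not reset when rules are appended. With SHRED (ending in DROP) as the last rule, the count can therefore only have grown while SHRED was not in place, typically during the script run itself, between the policy/flush step and finish_rules. The script below is an added example, not part of the thread and not Bjoern's firewall script. It loads INPUT in an order that keeps the policy counter honest (policy first, catch-all last, then `iptables -Z INPUT`), and adds two checks that read `iptables -vL INPUT` output (without `-n`, as on the page). The chain layout, the `IPT` variable and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Needs root and a netfilter
# kernel for a real run; IPT can be pointed at a stub for a dry run.
IPT="${IPT:-iptables}"

# Load INPUT so the policy counter stays meaningful: set the DROP policy
# before flushing (nothing slips through during the reload), build the
# catch-all chain before linking it, append the catch-all last, then zero
# the INPUT counters. Whatever the policy dropped while the rule set was
# still incomplete is wiped by the final -Z, so a non-zero policy count
# afterwards really means a packet got past every rule.
load_input_rules() {
    "$IPT" -P INPUT DROP
    "$IPT" -F INPUT
    # -N fails if SHRED is left over from an earlier run; flush it instead.
    "$IPT" -N SHRED 2>/dev/null || "$IPT" -F SHRED
    "$IPT" -A SHRED -j ULOG      # non-terminating, so DROP must follow
    "$IPT" -A SHRED -j DROP
    "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -j SHRED     # catch-all goes in last
    "$IPT" -Z INPUT              # forget drops that happened during loading
}

# Read `iptables -vL INPUT` output from stdin and print the packet count
# from the "Chain INPUT (policy DROP N packets, ...)" header.
policy_drop_count() {
    sed -n 's/^Chain INPUT (policy [A-Z]* \([0-9]*\) packets.*/\1/p'
}

# Read the same output from stdin and print "yes" if the last rule is an
# unconditional catch-all (prot all, in/out any, src/dst anywhere, no
# extra match), "no" otherwise. Fields follow the -vL layout without -n.
last_rule_is_catchall() {
    awk 'NR > 2 && NF { last = $0 }
         END {
             n = split(last, f, " ")
             if (n == 9 && f[4] == "all" && f[6] == "any" && f[7] == "any" &&
                 f[8] == "anywhere" && f[9] == "anywhere")
                 print "yes"
             else
                 print "no"
         }'
}

# Combine both checks: a non-zero policy count behind a catch-all can only
# have accumulated before the catch-all existed (usually during loading).
diagnose_input() {
    out=$(cat)
    drops=$(printf '%s\n' "$out" | policy_drop_count)
    catchall=$(printf '%s\n' "$out" | last_rule_is_catchall)
    if [ "$catchall" = yes ] && [ "${drops:-0}" -gt 0 ]; then
        echo "stale: $drops policy drops predate the catch-all; run iptables -Z INPUT after loading"
    elif [ "$catchall" = yes ]; then
        echo "ok: catch-all in place, policy never used"
    else
        echo "gap: last rule is not a catch-all, policy dropped ${drops:-0} packets"
    fi
}
```

Source the file and run `iptables -vL INPUT | diagnose_input`; on the output quoted above it reports the two drops as stale. To dry-run the loader without touching the kernel, set `IPT` to a shell function that only echoes its arguments and check the order of the recorded commands.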