Re: iptables for 1 interface pc and other questions

To: debian-firewall@lists.debian.org
Subject: Re: iptables for 1 interface pc and other questions
From: "Jamin W. Collins" <jcollins@asgardsrealm.net>
Date: Fri, 17 Jan 2003 08:07:04 -0600
Message-id: <[🔎] 20030117140703.GA28128@asgardsrealm.net>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <[🔎] 20030117124301.9AA811F8E4@murphy.debian.org>
References: <[🔎] 20030117124301.9AA811F8E4@murphy.debian.org>

On Fri, Jan 17, 2003 at 01:24:13PM +0000, benedict.verheyen@pandora.be wrote:

> This is the script:
(snip)

Your script only works with one of the three default tables (filter),
there are two others (nat and mangle).

> Is this setup workable and safe? What should i add?

I would include the other two tables and make use of them.  Unwanted
traffic should be stopped at the earliest opportunity.  Which would be
the PREROUTING chain in the mangle table.

> Some other questions:
> * Am i correct in assuming that on a 1 interface system as above, only
> the INPUT and OUTPUT chains are used? Or should one check the FORWARD
> chain anyway?

If you're only talking about the filter table, then TMK, you are
correct.  However with the mangle and nat tables involved you have
something more like this:

   INBOUND (firewall as destination)
   - mangle-prerouting
   - nat-prerouting
   - filter-input

   OUTBOUND (firewall as source)
   - mangle-output
   - nat-output
   - filter-output
   - nat-postrouting

-- 
Jamin W. Collins

Reply to:

References:
- iptables for 1 interface pc and other questions
  - From: "benedict.verheyen@pandora.be" <linux4bene@pandora.be>

Prev by Date: iptables for 1 interface pc and other questions
Next by Date: Multiple dhcp client interfaces
Previous by thread: iptables for 1 interface pc and other questions
Next by thread: Re: iptables for 1 interface pc and other questions
Index(es):
- Date
- Thread