I think I found the site which showed some very large amounts of info on iptables including the graphs I mentioned, I'm pretty sure this was the one of many I went through...
If this site has been passed around already then forgive me...

http://iptables.linuxguruz.org/iptables-tutorial/iptables-tutorial.html#AEN1 42

-----Original Message-----
From: Ben Donohue [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 3 January 2002 9:05 PM
To: George Vieira
Subject: Re: [SLUG] IPTABLES and confusing messages

yes George if you can find the page again i for one would appreciate it.
i'm finding iptables rather hard so any help would be appreciated.
look in your history file if you have one for the site!
thanks
Ben

George Vieira wrote:
>
> Ahaa!! Crossfire was right. Packets do not pass through the INPUT chain
> first and then the FORWARD chain like they do in IPCHAINS.
> I have allowed the internet network on the internal device and dropped
> practically everything else and it now logs and drops properly.
> Thanks for that information. I also had found a site which graphed a block
> diagram of how the rules work but accidentally closed the page.
>
> If people want it, I'll try and find that site again and post it.
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
>
> -----Original Message-----
> From: Crossfire [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 3 January 2002 10:27 AM
> To: George Vieira
> Cc: Sydney Linux Users Group (E-mail)
> Subject: Re: [SLUG] IPTABLES and confusing messages
>
> George Vieira was once rumoured to have said:
> > hey all,
> >
> > I thought I was starting to get an understanding of iptables when I stumbled
> > on this problem.
> >
> > [snip]
>
> > The other thing weird is that my rules aren't DROPPING non allowed packets
> > and yet my rules appear quite strict.. I usually ACCEPT on the OUTPUT and
> > FORWARD (-P) rules.. I explicitly specify as much rule matching as possible
> > to eliminate the possibility of accidentally accepting when it shouldn't ie.
> > "-A INPUT -i eth1 -d 203.x.x.x" ouch.. Anything I want passed through I make
> > the rules as explicit as possible.
>
> It sounds like you're being snared by the fact that forwarded packets
> do not pass through the INPUT ruleset in iptables, which is different
> behaviour to ipchains.
>
> C.
> --
> --==============================================--
>   Crossfire      | This email was brought to you
>   [EMAIL PROTECTED] | on 100% Recycled Electrons
> --==============================================--
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
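
The traversal difference discussed in this thread, as an added example that is not part of the original messages: a toy Python model showing why a strict INPUT ruleset with ACCEPT policies on FORWARD and OUTPUT lets routed packets through under iptables but not under ipchains. All addresses, interface roles, rulesets and function names are constructed for illustration.

```python
# Added illustration: a toy model of filter-chain traversal, not netfilter code.
# Addresses, interfaces and rulesets are constructed sample values.
# ipchains names its chains in lowercase; uppercase is used for both models here.
from ipaddress import ip_address, ip_network

LOCAL_ADDRS = {"192.0.2.1", "10.0.0.1"}   # the firewall's own addresses

def chains_for(packet, model):
    """Chains a received packet traverses, in order."""
    if packet["dst"] in LOCAL_ADDRS:
        return ["INPUT"]                       # addressed to the firewall itself
    if model == "ipchains":
        return ["INPUT", "FORWARD", "OUTPUT"]  # routed packets crossed all three
    return ["FORWARD"]                         # iptables: routed packets see FORWARD only

def matches(rule, packet):
    if "in_if" in rule and rule["in_if"] != packet["in_if"]:
        return False
    return "dst" not in rule or ip_address(packet["dst"]) in ip_network(rule["dst"])

def verdict(packet, ruleset, model="iptables"):
    """Return (verdict, chain that dropped the packet or None)."""
    for chain in chains_for(packet, model):
        rules, policy = ruleset[chain]
        # First matching rule wins; otherwise the chain policy applies.
        target = next((r["target"] for r in rules if matches(r, packet)), policy)
        if target == "DROP":
            return "DROP", chain
    return "ACCEPT", None

# Strict INPUT, permissive FORWARD/OUTPUT policies, as in the original question.
INPUT_ONLY = {
    "INPUT": ([{"in_if": "eth1", "dst": "192.0.2.1/32", "target": "ACCEPT"}], "DROP"),
    "FORWARD": ([], "ACCEPT"),
    "OUTPUT": ([], "ACCEPT"),
}
# Same INPUT rules, but routed traffic is now filtered where iptables sends it.
FORWARD_FILTERED = dict(
    INPUT_ONLY, FORWARD=([{"in_if": "eth0", "target": "ACCEPT"}], "DROP"))

# Constructed packet: arrives on the external interface, bound for an internal host.
ROUTED = {"in_if": "eth1", "dst": "10.0.0.5"}

if __name__ == "__main__":
    print(verdict(ROUTED, INPUT_ONLY, "ipchains"))
    print(verdict(ROUTED, INPUT_ONLY, "iptables"))
    print(verdict(ROUTED, FORWARD_FILTERED, "iptables"))
```

On a real host, per-rule packet counters from `iptables -L -v -n` show which chain is actually seeing the traffic.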
