ACCEPT all -- anywhere anywhere on the beginning and the end of the INPUT chain
Hello,
i have found that my iptables INPUT chain has default ACCEPT policy, what puzzle me is the purpose and order of the multiple rules:
ACCEPT all -- anywhere anywhere
iptables -L
Chain INPUT ([B]policy ACCEPT[/B]) target prot opt source destination [B]ACCEPT all -- anywhere anywhere [/B] ACCEPT all -- 255.255.255.255 anywhere ACCEPT all -- 192.168.0.0/16 192.168.0.0/16 ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpts:12340:12350 ACCEPT udp -- anywhere anywhere udp dpts:12340:12350 ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere [B]DROP all -- anywhere anywhere[/B]
the iptables -S looks better:
-A INPUT -i lo -j ACCEPT -A INPUT -s 255.255.255.255/32 -j ACCEPT -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT -A INPUT -p udp -m udp --dport 53 -j ACCEPT -A INPUT -p tcp -m tcp --dport 12340:12350 -j ACCEPT -A INPUT -p udp -m udp --dport 12340:12350 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i tun+ -j ACCEPT -A INPUT -i wg0 -j ACCEPT -A INPUT -j DROP
allow from LAN
allow DNS
allow port range
allow ping
allow only standard connections (RELATED, ESTABLISHED)
allow tunnel interfaces
drop everything else
Categories
- All Categories
- 177 LFX Mentorship
- 177 LFX Mentorship: Linux Kernel
- 766 Linux Foundation IT Professional Programs
- 378 Cloud Engineer IT Professional Program
- 174 Advanced Cloud Engineer IT Professional Program
- 75 DevOps IT Professional Program - Discontinued
- 7 DevOps & GitOps IT Professional Program
- 101 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- 4 AI & ML Training
- 1 Blockchain & Decentralized Identity Training
- 10 Cloud & Containers Training
- 1 Cybersecurity Training
- 2 DevOps & Site-Reliability Training
- 1 Linux Kernel Development Training
- 1 Networking Training
- 2 Open Source Best Practice Training
- 2 System Administration Training
- 1 System Engineering Training
- 1 Web & Application Development Training
- 796 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 91 Storage
- 770 Linux Distributions
- 81 Debian
- 68 Fedora
- 23 Linux Mint
- 13 Mageia
- 24 openSUSE
- 150 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 116 Mobile Computing
- 20 Android
- 81 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 395 Off Topic
- 121 Introductions
- 30 Study Material
- 997 Programming and Development
- 310 Kernel Development
- 669 Software Development
- 1K Software
- 397 Applications
- 182 Command Line
- 5 Compiling/Installing
- 69 Games
- 318 Installation
- Archived
- 183 Small Talk
- 2 LFD140 Class Forum
- 1.4K LFS258 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)