
ACCEPT all -- anywhere anywhere at the beginning and the end of the INPUT chain



I have found that my iptables INPUT chain has a default ACCEPT policy. What puzzles me is the purpose and order of the multiple rules:
ACCEPT all -- anywhere anywhere

iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere
ACCEPT all --
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpts:12340:12350
ACCEPT udp -- anywhere anywhere udp dpts:12340:12350
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere

The iptables -S looks better:

-A INPUT -i lo -j ACCEPT
-A INPUT -s -j ACCEPT
-A INPUT -s -d -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12340:12350 -j ACCEPT
-A INPUT -p udp -m udp --dport 12340:12350 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A INPUT -j DROP

allow from LAN
allow DNS
allow port range
allow ping
allow only standard connections (RELATED, ESTABLISHED)
allow tunnel interfaces
drop everything else
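
Added example, not part of the original post: plain `iptables -L` omits the in/out interface columns (they appear only with `-v`), so rules that differ only by `-i`/`-o` print as identical rows. The Python sketch below parses `iptables -S` text and groups such look-alike rules; `RULES`, `parse_rule` and `lookalikes` are names assumed here, and the sample is built from the post's listing.

```python
import shlex
from collections import defaultdict

# Constructed sample: the rules from the post's `iptables -S` output whose
# arguments are intact (the two rules with blank -s/-d values are left out).
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12340:12350 -j ACCEPT
-A INPUT -p udp -m udp --dport 12340:12350 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A INPUT -j DROP
"""

# Interface matches: shown by `iptables -L -v`, absent from plain `iptables -L`.
HIDDEN_OPTS = {"-i": "in", "-o": "out"}

def parse_rule(line):
    """Split one -S rule into (chain, visible tokens, hidden interface matches)."""
    tokens = shlex.split(line)
    chain, rest = tokens[1], tokens[2:]
    visible, hidden, i = [], {}, 0
    while i < len(rest):
        # `! -i eth0` is a negated interface match; keep the "!" with the value.
        neg = rest[i] == "!" and i + 1 < len(rest) and rest[i + 1] in HIDDEN_OPTS
        if neg:
            i += 1
        if rest[i] in HIDDEN_OPTS:
            hidden[HIDDEN_OPTS[rest[i]]] = ("!" if neg else "") + rest[i + 1]
            i += 2
        else:
            visible.append(rest[i])
            i += 1
    return chain, tuple(visible), hidden

def lookalikes(text):
    """Group rules that print identically without -v yet match on an interface."""
    groups = defaultdict(list)
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("-A "):
            chain, visible, hidden = parse_rule(line)
            groups[(chain, visible)].append((n, hidden))
    return {k: v for k, v in groups.items() if any(h for _, h in v)}

if __name__ == "__main__":
    for (chain, visible), members in lookalikes(RULES).items():
        print(chain, " ".join(visible), "->", members)
```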

