ACCEPT all -- anywhere anywhere on the beginning and the end of the INPUT chain

Hello,

I have found that my iptables INPUT chain has the default ACCEPT policy; what puzzles me is the purpose and order of the multiple rules:
ACCEPT all -- anywhere anywhere

iptables -L

Chain INPUT ([B]policy ACCEPT[/B])
target     prot opt source               destination
[B]ACCEPT     all  --  anywhere             anywhere[/B]
ACCEPT     all  --  255.255.255.255      anywhere
ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:12340:12350
ACCEPT     udp  --  anywhere             anywhere             udp dpts:12340:12350
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
[B]DROP       all  --  anywhere             anywhere[/B]

The iptables -S output looks better:

-A INPUT -i lo -j ACCEPT
-A INPUT -s 255.255.255.255/32 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12340:12350 -j ACCEPT
-A INPUT -p udp -m udp --dport 12340:12350 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A INPUT -j DROP

allow from LAN
allow DNS
allow port range
allow ping
allow only standard connections (RELATED, ESTABLISHED)
allow tunnel interfaces
drop everything else
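
As an added example (not part of the post above, and not from the iptables project), the following Python script parses the `iptables -S` listing the poster quoted and makes the puzzle visible: the three rules that plain `iptables -L` prints as "ACCEPT all -- anywhere anywhere" are the `-i lo`, `-i tun+` and `-i wg0` rules, because `-L` without `-v` prints no interface columns (`iptables -L -v` adds the "in" and "out" columns that tell them apart). It also walks constructed sample packets through the chain in the order the kernel evaluates rules, first match wins, and shows that the trailing unconditional DROP, not the ACCEPT policy, decides the fate of anything no earlier rule matched. The rules are the poster's; the `-P INPUT ACCEPT` line, the packets, the interface name `eth0` and every function name are constructed for this example.

```python
import ipaddress
import shlex

# Constructed sample: the INPUT rules quoted in the post, plus the chain
# policy line that `iptables -S` prints before the rules.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 255.255.255.255/32 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12340:12350 -j ACCEPT
-A INPUT -p udp -m udp --dport 12340:12350 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A INPUT -j DROP
"""
# -S option -> criterion it sets. Plain `iptables -L` prints no column for
# -i/-o; `iptables -L -v` adds the "in" and "out" columns that show them.
OPTIONS = {"-i": "in_iface", "-o": "out_iface", "-s": "src", "-d": "dst", "-p": "proto",
           "--dport": "dport", "--sport": "sport", "--icmp-type": "icmp_type", "--state": "state"}
HIDDEN_WITHOUT_V = {"in_iface", "out_iface"}

def parse_ruleset(text):
    """Return (policies, rules); rules keep the order the kernel evaluates them."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
            continue
        rule = {"chain": tok[1], "target": None, "matches": {}}
        for i in range(2, len(tok), 2):      # every option used here takes one value
            if tok[i] == "-j":
                rule["target"] = tok[i + 1]
            elif tok[i] in OPTIONS:
                rule["matches"][OPTIONS[tok[i]]] = tok[i + 1]
            elif tok[i] != "-m":             # -m only loads a match module
                raise ValueError(f"unhandled option {tok[i]!r} in: {line}")
        rules.append(rule)
    return policies, rules

def looks_unconditional_in_L(rule):
    """True when plain -L prints the rule as '<target> all -- anywhere anywhere'."""
    return not (set(rule["matches"]) - HIDDEN_WITHOUT_V)

def hidden_only_rules(rules):
    """Indices of rules whose only criteria are interface matches."""
    return [i for i, r in enumerate(rules) if r["matches"] and looks_unconditional_in_L(r)]

def effective_default(policies, rules, chain="INPUT"):
    """Verdict for a packet no specific rule matches: the first unconditional
    terminating rule wins; the chain policy is reached only if there is none."""
    for r in rules:
        if r["chain"] == chain and not r["matches"] and r["target"] in {"ACCEPT", "DROP", "REJECT"}:
            return r["target"]
    return policies[chain]

def _matches(rule, pkt):
    for key, want in rule["matches"].items():
        have = pkt.get(key)
        if have is None:
            return False
        if key in ("in_iface", "out_iface"):  # trailing '+' is a prefix wildcard
            ok = have.startswith(want[:-1]) if want.endswith("+") else have == want
        elif key in ("src", "dst"):
            ok = ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
        elif key in ("dport", "sport"):       # "lo:hi" range or a single port
            lo, _, hi = want.partition(":")
            ok = int(lo) <= int(have) <= int(hi or lo)
        elif key == "state":
            ok = have in want.split(",")
        else:                                 # proto, icmp_type: exact match
            ok = str(have) == want
        if not ok:
            return False
    return True

def first_match(policies, rules, pkt, chain="INPUT"):
    """Walk the chain top to bottom; return (rule index, verdict).
    Index -1 means no rule matched and the chain policy applied."""
    for i, r in enumerate(rules):
        if r["chain"] == chain and _matches(r, pkt):
            return i, r["target"]
    return -1, policies[chain]

# Constructed packets: a new SSH attempt from the Internet, the same from the
# LAN, the same over WireGuard, and a reply to a connection this host opened.
SAMPLE_PACKETS = {
    "ssh from internet": dict(in_iface="eth0", src="203.0.113.9", dst="198.51.100.4", proto="tcp", dport=22, state="NEW"),
    "ssh from lan": dict(in_iface="eth0", src="192.168.1.20", dst="192.168.1.1", proto="tcp", dport=22, state="NEW"),
    "ssh over wg0": dict(in_iface="wg0", src="10.8.0.2", dst="10.8.0.1", proto="tcp", dport=22, state="NEW"),
    "reply to our flow": dict(in_iface="eth0", src="203.0.113.9", dst="198.51.100.4", proto="tcp", dport=51000, state="ESTABLISHED"),
}

if __name__ == "__main__":
    policies, rules = parse_ruleset(SAMPLE_RULES)
    print("rules plain -L shows as 'ACCEPT all -- anywhere anywhere':", hidden_only_rules(rules))
    print("policy:", policies["INPUT"], "| effective default:", effective_default(policies, rules))
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:18} -> rule {first_match(policies, rules, pkt)}")
```

Running it reports rules 0, 8 and 9 as the ones that look identical under plain `-L`, an effective default of DROP despite the ACCEPT policy, and the four packets landing on the DROP rule, the LAN rule, the `wg0` rule and the RELATED,ESTABLISHED rule respectively. The defender's caveat this makes concrete: the host is only closed because the final `-j DROP` rule is present, so if that rule is ever flushed or fails to load, the ACCEPT policy leaves every port open; setting the policy itself to DROP (`iptables -P INPUT DROP`) removes that dependence on rule order.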
