From: Andy Smith <andy@strugglers.net>
To: netfilter@lists.netfilter.org
Subject: Re: When do the rule apply?
Date: Wed, 15 Jun 2005 20:10:07 +0000
Message-ID: <20050615201007.GA754@strugglers.net>
In-Reply-To: <393114f905061513012ac2216a@mail.gmail.com>


On Wed, Jun 15, 2005 at 10:01:54PM +0200, Alexander Salmin wrote:
> Hi, I guess this question is just a silly one for experts, but I can't
> find the answer anywhere so I'm asking you guys.
> 
> In what order do the assigned rules apply in this script? 
> 
> # Example1
> iptables -A INPUT -j DROP # rule #1
> iptables -A INPUT --dport 80 -j ACCEPT # rule #2
> 
> #Example2 
> iptables -A INPUT --dport 80 -j ACCEPT # rule1
> iptables -A INPUT -j DROP # rule2

They apply in the order you've issued them since they are operating
on INPUT and they are appending.

> Will both examples produce the same result?

No; example1 drops everything to INPUT with rule 2 never being
reached, but example2 would ACCEPT packets to port 80... although
wouldn't that be a syntax error without at least -p tcp or -p udp to
tell it that it is something that has ports?

> Or will rule2 in example 2 make rule1 in example2 vanish because it's
> telling the system to drop all?

No, rules don't affect other rules.  They may not be reached however.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
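
Added example, not part of the original message or of iptables itself: a small Python model of the first-match chain traversal discussed in this thread, which evaluates both rule orders and reports rules that can never be reached. The `Rule` class, the function names and the `-p tcp` added to the port-80 rule are assumptions made for the illustration; only terminating targets (ACCEPT, DROP) are modelled.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                   # "ACCEPT" or "DROP"; both end chain traversal
    proto: Optional[str] = None   # None means no -p was given (any protocol)
    dport: Optional[int] = None   # None means no --dport was given (any port)

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in (None, proto) and self.dport in (None, dport)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (self.proto in (None, other.proto)
                and self.dport in (None, other.dport))


def verdict(chain: List[Rule], proto: str, dport: int,
            policy: str = "ACCEPT") -> str:
    """Walk the chain in append order; the first matching rule decides."""
    for rule in chain:
        if rule.matches(proto, dport):
            return rule.target
    return policy  # nothing matched: the chain policy applies


def unreachable(chain: List[Rule]) -> List[int]:
    """1-based positions of rules fully shadowed by an earlier rule."""
    return [i + 1 for i, rule in enumerate(chain)
            if any(earlier.covers(rule) for earlier in chain[:i])]


# Constructed from the two examples in the thread, with -p tcp assumed
# on the port-80 rule so that --dport is meaningful.
EXAMPLE1 = [Rule("DROP"), Rule("ACCEPT", "tcp", 80)]
EXAMPLE2 = [Rule("ACCEPT", "tcp", 80), Rule("DROP")]

if __name__ == "__main__":
    for name, chain in (("Example1", EXAMPLE1), ("Example2", EXAMPLE2)):
        print(name,
              "| tcp/80 ->", verdict(chain, "tcp", 80),
              "| tcp/22 ->", verdict(chain, "tcp", 22),
              "| unreachable rules:", unreachable(chain))
```
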
