From: Jeffrey Laramie <JALaramie@Loudoun-Fairfax.com>
To: Netfilter List <netfilter@lists.netfilter.org>
Subject: Re: simple questions to finally understand netfilter
Date: 27 Nov 2003 12:17:25 -0500 [thread overview]
Message-ID: <1069953444.2690.24.camel@JeffHome.Trans-Star> (raw)
In-Reply-To: <1069949657.9126.55.camel@webmail.aeropostal.com.ve>
On Thu, 2003-11-27 at 11:14, Juan Hernandez wrote:
> Another question...
>
> On Thu, 2003-11-27 at 12:04, Ralf Spenneberg wrote:
> > Am Don, 2003-11-27 um 16.41 schrieb Juan Hernandez:
> >
> > > 1) This rule tells netfilter to drop any packet forwarding I guess
> > > iptables -P FORWARD DROP
> > This is a default rule. All packets not accepted or dropped by other
> > rules will be dropped by this one.
>
> If this drops everything else, how come there's access to the webserver
> in that same machine?? It's not that I dont want it, its just that im
> curious on what does this rule drops exactly cause I can still access my
> webserver
>
When you say same machine to do mean the same box as the firewall? The
rules you have are for forwarding packets to other machines. To filter
traffic going to the firewall box you need to have rules on your INPUT
chain.
Jeff
next prev parent reply other threads:[~2003-11-27 17:17 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-27 15:41 simple questions to finally understand netfilter Juan Hernandez
2003-11-27 16:04 ` Ralf Spenneberg
2003-11-27 16:08 ` Juan Hernandez
2003-11-27 16:14 ` Juan Hernandez
2003-11-27 10:33 ` Jamie Pratt
2003-11-27 17:17 ` Jeffrey Laramie [this message]
2003-11-27 17:49 ` Ralf Spenneberg
2003-11-27 17:53 ` Juan Hernandez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1069953444.2690.24.camel@JeffHome.Trans-Star \
--to=jalaramie@loudoun-fairfax.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox