Answer the question
In order to leave comments, you need to log in
T
T
T_y_l_e_r2016-11-15 13:27:25
T_y_l_e_r, 2016-11-15 13:27:25
What does this iptables rule do?
Can you help me figure out what this rule does?
# Generated by iptables-save v1.4.7
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [52839:6255656]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp -s 188.163.11.25 --sport 1191 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o eth0 -p udp -m udp -d 188.163.11.25 --dport 1191 -j ACCEPT
-A OUTPUT -o wlan0 -p udp -m udp -d 188.163.11.25 --dport 1191 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-host-prohibited
COMMITOnly the request is very precise, it is important.
1 answer(s)
@T_y_l_e_r
M
mureevms, 2016-11-15 @T_y_l_e_r
- :INPUT ACCEPT[0:0]
Rules 1, 2 and 3 set the default policies to ACCEPT. Those. if the packet does not fall into any of the rules below it, then it falls into one of these three.
4. Allows all incoming packets from the lo interface
5. Allows incoming packets in the RELATED,ESTABLISHED state only from the remote host 188.163.11.25 and only on port 1191\UDP
6. Allows incoming packets in the RELATED,ESTABLISHED state only from the tun0 interface
7. All other incoming packets are dropped with the message host is prohibited (icmp-host-prohibited)
8. All transit packets are dropped with the message host is prohibited
9. Allows outgoing packets from interface eth0 to remote host 188.163.11.25 and port 1191\UDP
10. Similar to 9, only from interface wlan0
11. Allows all outgoing packets from the tun0 interface
12. Drops all other outgoing packets with the message host denied
Similar questions
A
A
S
D
Z
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question