understanding iptables

**toloykhan** · October 7th, 2010

hello every one here,
I dont know if this is the right place

I have an issue with iptables... i am trying to understand how iptables works I was downloaded the iptables tutorial 1.2.2 and read it but still have some problemes understanding the whole rule set (code)...
I used fwbuilder to generate the code for me for study issue but as i said i have problem to figureout the nine rule set
in fwbuilder i select: new firewall>> iptable firewall software & linux 2.4/2.6 OS >> and i use preconfigure templets firewall object (/usr/share/fwbuilder-3.0.7/templates.xml )>> templet 2>>
and i just want to understand the fires rule set with breif explanation
and this is the code generated by the firewall builder :
# Rule 0 (eth0)
#
echo "Rule 0 (eth0)"
#
# anti spoofing rule
#
$IPTABLES -N In_RULE_0
test -n "$i_eth0" && $IPTABLES -A INPUT -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0
$IPTABLES -A INPUT -i eth0 -s 192.168.1.1 -m state --state NEW -j In_RULE_0
$IPTABLES -A INPUT -i eth0 -s 192.168.1.0/24 -m state --state NEW -j In_RULE_0
test -n "$i_eth0" && $IPTABLES -A FORWARD -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i eth0 -s 192.168.1.1 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i eth0 -s 192.168.1.0/24 -m state --state NEW -j In_RULE_0
$IPTABLES -A In_RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY "
$IPTABLES -A In_RULE_0 -j DROP

help me understanding this or give me liks to follow.... thanx

**sikander3786** · October 7th, 2010

Did you go through this page?

https://help.ubuntu.com/community/IptablesHowTo

**toloykhan** · October 7th, 2010

thanx mr. sikander3786 this is realy more illustrated than the tutorial book .... i will read throgh it slowly and if any troubes appear to me i will be back here in a moment...

thanx

**BkkBonanza** · October 7th, 2010

These rules above just filter out any packets that come from outside your LAN but claim to be sourced from inside, assuming 192.168.1.0/24 is your LAN.

First they create a new table, then they add a few rules to detect packets coming in eth0 with LAN sourced addresses and send them to that table. In that table the packets are logged and dropped.

I have no idea why they add two of each rule since the second of each set covers the source address of the first. It's probably just a result of code redundancy that generates both when one will work.

Kind of lame names too. They could name the table SPOOF instead of In_RULE_0 and put more descriptive text in the LOG entries. Probably because they don't expect anyone to read the rules.

**CharlesA** · October 7th, 2010

Also check here.

**toloykhan** · October 10th, 2010

Originally Posted by BkkBonanza

Kind of lame names too. They could name the table SPOOF instead of In_RULE_0 and put more descriptive text in the LOG entries. Probably because they don't expect anyone to read the rules.

sorry for being late but I was too busy last days...
thanx master... the naming is just in the generated code but in the fwbuilder interface the the naming and the label is done right .... and for the first matter you show i am try to figure out why is that