Thread: IPtables Script Import Order

  1. #1
    Join Date
    Dec 2008
    Beans
    79
    Distro
    Ubuntu

    IPtables Script Import Order

    I have a script that is several hundred lines long full of iptables rules (I've spent way too much time on this, and had far too much fun testing it) but when I run the script, the rules go in wrong - that is, when I do...
    Code:
    iptables -vnL
    The order (being that iptables starts at the top of the chain and works its way down) is out of order, but it's ordered properly in the script. Is there something I can do to fix this easily?

    Here's a comparison... [ see attachments ]

    So, though the rules in the script are ordered properly, when I run the script the Jump to ACCEPTED is listed BEFORE the logging rules. Why is this?
    Where there's a will, there's a way.

    Doing something fun in Linux? Stuck somewhere and bent on solving it yourself? Give Calomel some lovin' over here.

  2. #2
    Join Date
    Dec 2008
    Beans
    79
    Distro
    Ubuntu

    Re: IPtables Script Import Order

    Another, aside question... How the heck do I change the default logging location of iptables? I don't want it logging to /var/log/syslog... I want it logging to /var/log/iptables.log
    Thoughts?

  3. #3
    Join Date
    Jan 2006
    Beans
    2,031

    Re: IPtables Script Import Order

    You are using -I instead of -A to insert your rules. -I is an insert command, -A is append. Rules are being inserted at the beginning of every chain, instead of being appended to the end of the chain.

    I'm not entirely sure if iptables allows you to change its logging location. However, you can use --log-level and --log-prefix to help format your log messages, and then use rsyslog rules to redirect all output into /var/log/iptables.log.

    P.S. If you are going to advise people in your signature to read the ******* manual, which is against the spirit of these forums, I'd advise you to do the same.
    Last edited by dfreer; April 4th, 2012 at 06:01 PM.
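    To make the -I versus -A point above concrete without touching a live firewall, here is an added example (not a script from this thread or from any of its posters): a small POSIX shell checker that lints a rule script for -I/--insert, simulates the chain order the script would produce (-A appends, -I without a rule number prepends), and prints the kind of rsyslog fragment the reply describes. The two rule scripts it writes are constructed samples, and the "IPT-SSH: " prefix and the file name /etc/rsyslog.d/10-iptables.conf are assumptions.

    ```shell
    #!/bin/sh
    # Added example, not code from the thread. Shows why a script full of
    # "iptables -I" comes out reversed in "iptables -vnL" while "-A" keeps
    # script order. Runs without root: it only reads text files.

    # Count rules that use -I/--insert (the ordering hazard); prints the count.
    count_insert_rules() {
        grep -cE '(^|[[:space:]])(-I|--insert)([[:space:]]|$)' "$1" || true
    }

    # Simulate the final top-to-bottom order of a script's -j targets:
    # -A appends to the chain, -I (no rule number, as in the thread) prepends.
    simulate_chain_order() {
        order=""
        while IFS= read -r line; do
            case "$line" in ''|'#'*) continue ;; esac
            target=$(printf '%s\n' "$line" | sed -n 's/.*-j[[:space:]]*\([A-Za-z_]*\).*/\1/p')
            [ -n "$target" ] || continue
            case " $line " in
                *' -I '*|*' --insert '*) order="$target${order:+ $order}" ;;
                *)                       order="${order:+$order }$target" ;;
            esac
        done < "$1"
        printf '%s\n' "$order"
    }

    # Write two constructed sample scripts: the buggy -I block and its -A fix.
    # Sets SAMPLE_BAD and SAMPLE_GOOD to their paths.
    write_samples() {
        dir=${1:-$(mktemp -d)}
        SAMPLE_BAD="$dir/rules-insert.sh"
        SAMPLE_GOOD="$dir/rules-append.sh"
        cat > "$SAMPLE_BAD" <<'EOF'
    # logging rule meant to match first, accept meant to match second
    iptables -I INPUT -p tcp --dport 22 -m state --state NEW -j LOG --log-prefix "IPT-SSH: " --log-level 4
    iptables -I INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    EOF
        cat > "$SAMPLE_GOOD" <<'EOF'
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j LOG --log-prefix "IPT-SSH: " --log-level 4
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    EOF
    }

    # rsyslog fragment (assumed path: /etc/rsyslog.d/10-iptables.conf) that
    # diverts kernel messages carrying the --log-prefix above into their own
    # file; "& stop" keeps them out of /var/log/syslog.
    rsyslog_snippet() {
        cat <<'EOF'
    :msg, contains, "IPT-" -/var/log/iptables.log
    & stop
    EOF
    }

    main() {
        write_samples
        echo "insert rules in buggy script: $(count_insert_rules "$SAMPLE_BAD")"
        echo "chain order from buggy script: $(simulate_chain_order "$SAMPLE_BAD")"
        echo "chain order from fixed script:  $(simulate_chain_order "$SAMPLE_GOOD")"
        rsyslog_snippet
    }
    [ "${SKIP_MAIN:-}" ] || main
    ```

    The buggy sample reproduces the thread's symptom: each -I lands at position 1, so the ACCEPT added last ends up above the LOG rule and the connection is accepted before it is ever logged. The -A sample keeps the script's order. The rsyslog filter matches on the --log-prefix, so the prefix chosen in the rules and the string in the filter have to agree.
    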

  4. #4
    Join Date
    Dec 2008
    Beans
    79
    Distro
    Ubuntu

    Re: IPtables Script Import Order

    You're absolutely right - I'm using -A in all rules except the block I posted and I cannot believe I missed that! Thanks for pointing it out.

    Problem solved - that was indeed the issue for that set of rules.

  5. #5
    Join Date
    Mar 2008
    Location
    Back to India
    Beans
    278
    Distro
    Ubuntu Gnome 14.04 Trusty Tahr

    Re: IPtables Script Import Order

    Your script looks very interesting, and it looks like you have actually invested a lot of time in it.
    Can you add your script here so that others can also appreciate and learn from your deep and hard work?
