Thanks for these 2 guides, I now have set up in/out filtering and logging...
So, now how do I figure out which software is actually using/sending/listening to a specific port? E.g. I periodically have outgoing packets on port 10694 to various IPs, how do I figure out which software is responsible for doing this? Would be quite helpful in determining what traffic to allow.
Ahh, netstat -tunap seems to do exactly what I was looking for
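As an added example (not from the thread), here is a small parser for the text that `netstat -tunap` prints, which answers the question above programmatically: it lists every socket whose local or foreign port matches, together with the owning PID/program. The sample output embedded in it is constructed for demonstration; program names such as `updater` are made up. One caveat worth knowing: unless netstat runs as root, the PID/Program column shows `-` for sockets owned by other users, so a `-` in the output usually means "run it again with sudo".

```python
"""Find which process owns a port, from `netstat -tunap` output.

Added example, not code from the thread.  It parses the text netstat prints
and reports every socket whose local or foreign port matches.  The SAMPLE
text below is constructed; program names and PIDs are invented.
"""
from typing import Dict, List

SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.0.2:45120       203.0.113.5:10694       ESTABLISHED 2210/updater
tcp6       0      0 :::631                  :::*                    LISTEN      990/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 192.168.0.2:10694       0.0.0.0:*                           -
"""


def port_of(addr: str) -> str:
    # The port is everything after the last ':' (also works for IPv6 forms like ':::631').
    return addr.rsplit(":", 1)[1]


def parse_netstat(text: str) -> List[Dict[str, str]]:
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # banner and header lines
        # UDP rows have no State column, so the PID/Program field is always the last one.
        rows.append({
            "proto": f[0],
            "local": f[3],
            "foreign": f[4],
            "state": f[5] if len(f) == 7 else "",
            "program": f[-1],  # '-' when netstat was not run as root
        })
    return rows


def who_uses_port(text: str, port: int) -> List[Dict[str, str]]:
    """Sockets that use `port` on either the local or the foreign side."""
    p = str(port)
    return [r for r in parse_netstat(text)
            if port_of(r["local"]) == p or port_of(r["foreign"]) == p]


if __name__ == "__main__":
    import subprocess
    import sys

    if len(sys.argv) > 1:
        # Real run: python3 this.py 10694   (as root, to see other users' PIDs)
        port = int(sys.argv[1])
        text = subprocess.run(["netstat", "-tunap"], capture_output=True, text=True).stdout
    else:
        port, text = 10694, SAMPLE
    for r in who_uses_port(text, port):
        print(r["proto"], r["local"], r["foreign"], r["state"], r["program"])
```

On the constructed sample, port 10694 turns up twice: once as the foreign port of an established TCP connection owned by PID 2210, and once as a local UDP port whose owner is hidden behind `-`.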
As far as I understand it, the second line with dropping all packets from the FIREWALL chain is never reached, because you send all packets to the TRUSTED chain before that, so there is no dropping of any other packets, because that rule is never reached by any packet.
Code:
iptables -A FIREWALL -j TRUSTED # Send all packets to the TRUSTED chain
iptables -A FIREWALL -j DROP    # DROP all other packets
Or am I wrong with this assumption (I'm just starting with iptables knowledge)?
Packets are sent to the TRUSTED chain where they have a chance to get allowed, then they are DROPPED at the end of the FIREWALL chain.
So you are a bit wrong with your assumption thinking that the DROP line is never reached. You can see this TRUSTED chain as a function or an include in a standard programming language.
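The "function or include" analogy above can be made concrete with a toy model of chain traversal. This is an added example, not iptables code and not from the thread: rules are Python predicates standing in for `-p`/`-s`/`--dport`/`-m state` matches, and the ruleset is constructed to mirror the `FIREWALL -j TRUSTED` / `FIREWALL -j DROP` layout under discussion. It shows three things: rules are tried in order and the first match decides; a jump to a user chain returns to the *next* rule of the caller when the user chain runs out of rules (or hits `RETURN`); and the built-in chain's policy is only consulted when no rule at all gave a verdict. The INPUT policy is deliberately set to ACCEPT, so any DROP verdict can only have come from the last rule of FIREWALL.

```python
"""Toy model of iptables chain traversal (added example, not iptables itself).

Rules are checked in order; the first rule whose match succeeds decides what
happens next.  A jump (-j) to a user-defined chain behaves like a function
call: if that chain accepts or drops, the verdict is final; if it ends without
a verdict, or hits RETURN, traversal resumes at the NEXT rule of the calling
chain.  The built-in chain's policy applies only if no rule gives a verdict.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, object]


@dataclass
class Rule:
    match: Callable[[Packet], bool]  # stand-in for -p / -s / --dport / -m state
    target: str                      # ACCEPT, DROP, RETURN or a user-chain name


Chains = Dict[str, List[Rule]]


def walk(chains: Chains, name: str, pkt: Packet, trace: List[str]) -> Optional[str]:
    """Walk one chain.  Returns 'ACCEPT'/'DROP', or None when the chain ran out
    of rules or hit RETURN (the caller then continues with its next rule)."""
    for i, rule in enumerate(chains[name]):
        if not rule.match(pkt):
            continue
        trace.append(f"{name}[{i}] -> {rule.target}")
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target
        if rule.target == "RETURN":
            return None
        # -j <user chain>: like a call; only a final verdict ends the walk here.
        final = walk(chains, rule.target, pkt, trace)
        if final is not None:
            return final
    trace.append(f"{name}: end of chain")
    return None


def verdict(chains: Chains, builtin: str, policy: str, pkt: Packet) -> Tuple[str, List[str]]:
    trace: List[str] = []
    v = walk(chains, builtin, pkt, trace)
    if v is None:
        trace.append(f"policy {policy}")
        v = policy
    return v, trace


def any_pkt(p: Packet) -> bool:
    return True


# Constructed ruleset mirroring the thread's FIREWALL -> TRUSTED -> DROP layout.
CHAINS: Chains = {
    "INPUT": [
        Rule(lambda p: p["state"] in ("ESTABLISHED", "RELATED"), "ACCEPT"),
        Rule(any_pkt, "FIREWALL"),
    ],
    "FIREWALL": [
        Rule(any_pkt, "TRUSTED"),  # iptables -A FIREWALL -j TRUSTED
        Rule(any_pkt, "DROP"),     # iptables -A FIREWALL -j DROP
    ],
    "TRUSTED": [
        Rule(lambda p: p["proto"] == "tcp" and p["dport"] == 22, "ACCEPT"),
        Rule(lambda p: p["proto"] == "udp", "RETURN"),  # hand UDP straight back
        Rule(lambda p: str(p["src"]).startswith("192.168.0."), "ACCEPT"),
    ],
}


def decide(pkt: Packet) -> Tuple[str, List[str]]:
    # Policy ACCEPT on purpose: a DROP can then only come from FIREWALL's last rule.
    return verdict(CHAINS, "INPUT", "ACCEPT", pkt)


if __name__ == "__main__":
    for pkt in (
        {"proto": "tcp", "dport": 22, "src": "203.0.113.9", "state": "NEW"},
        {"proto": "tcp", "dport": 10694, "src": "203.0.113.9", "state": "NEW"},
        {"proto": "udp", "dport": 53, "src": "192.168.0.5", "state": "NEW"},
        {"proto": "tcp", "dport": 80, "src": "192.168.0.5", "state": "NEW"},
    ):
        v, t = decide(pkt)
        print(f"{v:6} {' | '.join(t)}")
```

The trace for a new TCP packet to port 10694 from an outside address reads `INPUT[1] -> FIREWALL | FIREWALL[0] -> TRUSTED | TRUSTED: end of chain | FIREWALL[1] -> DROP`: the packet falls off the end of TRUSTED and is dropped by the second rule of FIREWALL, exactly the rule the earlier post assumed was unreachable. The UDP case shows `RETURN` doing the same thing explicitly and earlier.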
Oh, I see. Thanks for clarifying, because I indeed was totally wrong, which would have caused a major headache when playing around with my own iptables script.
Somehow I was of the opinion that, once sent to a user defined chain, it would never come back to the parent chain (I must have been confused by some examples working with the -j RETURN target).
Now I can also see the advantage of using your structure with FIREWALL and TRUSTED user defined chains.
I just started learning iptables and I've found this article very useful!
However, I still don't quite understand how the chain works:
when I write some iptables rules, which rule would be applied first?
Is it the first one written? Or..?
I hope someone can depict this for me, please.
At the moment I am trying to set up a gateway (Internet Connection Sharing) on an Ubuntu box:
I would like to know how I integrate frodon's firewall script into the ICS script.
So far, this is my script (I found this script at https://help.ubuntu.com/community/In...way%20set%20up):
Code:
iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
I wonder, if I add the FIREWALL script and then change the word 'ACCEPT' above to the word 'FIREWALL', will the firewall script also work for the clients?
Code:
..
iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -m state --state NEW -j FIREWALL
..
If it won't, how should I accomplish this?
I tried what I suggested before;
well, I cannot tell if the clients are firewalled too,
but their internet access is not blocked.
In your case I would handle the FORWARD chain directly, as you may want to have different rules for the gateway computer itself and for the forwarded internet connection.
Connection sharing is a specific topic, so I think it is better to handle the FORWARD chain separately to avoid confusion and unexpected behaviour.