Iptables Question
Jack Bowling
jbinpg at shaw.ca
Sat Jun 2 00:55:32 UTC 2007
On Fri, Jun 01, 2007 at 09:58:16AM -0400, Rashkae wrote:
> Waqas Toor wrote:
> > Hello Ubuntuers,
> >
> > I have written a script to setup a firewall for me
> >
> > the script is
> > ====================================
> > #! /bin/bash
> >
> > #blocking every thing
> >
> > /sbin/iptables -A INPUT -p all -j DROP
> > /sbin/iptables -A FORWARD -p all -j DROP
> >
> > #allowing only my MACs
> >
> > for MAC in `cat ./macclist`
> > do
> > /sbin/iptables -A INPUT -m mac --mac-source $MAC -p all -j ACCEPT
> > /sbin/iptables -A INPUT -m mac --mac-source $MAC -j ACCEPT
> > done
> >
>
> A packet will travel to the first rule it matches. In this case, your
> first matching rule is -A INPUT -p all and the action is DROP, end of line.
<snip>
As well, it is considered bad form for any firewall bash script to not
clear the existing tables before loading their own.
Jack
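
The two points made in this thread (rules match in order, and existing rules should be cleared first), as an added example that is not code from any poster. The sample MAC addresses, the function names and the APPLY switch are assumptions made for illustration; only ./macclist and the iptables options come from the quoted script.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# Run as root with APPLY=1 to execute them.
IPT=/sbin/iptables

# Constructed sample list (one MAC per line); the thread's file is ./macclist.
sample_maclist() {
    printf '%s\n' '00:11:22:33:44:55' '' '# laptop' 'not-a-mac' 'AA:BB:CC:DD:EE:FF'
}

# Read MACs on stdin, print iptables commands in the order they must load.
build_rules() {
    # Clear existing rules first so stale entries cannot shadow the new ones.
    echo "$IPT -F INPUT"
    echo "$IPT -F FORWARD"
    while read -r mac || [ -n "$mac" ]; do
        # Skip blanks, comments and anything not shaped like aa:bb:cc:dd:ee:ff.
        printf '%s\n' "$mac" | grep -Eqx '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || continue
        echo "$IPT -A INPUT -m mac --mac-source $mac -j ACCEPT"
    done
    # Catch-all DROP goes last: a packet stops at the first rule it matches.
    echo "$IPT -A INPUT -j DROP"
    echo "$IPT -A FORWARD -j DROP"
}

load_rules() {
    if [ "${APPLY:-0}" = 1 ]; then
        build_rules | sh -e     # execute, stopping at the first failure
    else
        build_rules             # dry run
    fi
}

# Usage: script.sh ./macclist   (no argument: dry run on the sample list)
if [ $# -gt 0 ]; then
    load_rules < "$1"
else
    sample_maclist | build_rules
fi
```

The mac match compares the source address of the received Ethernet frame, so the list only identifies hosts on the same network segment as the firewall.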