understanding iptables rule matching

oxy oxyopes at googlemail.com
Tue May 22 15:13:44 UTC 2012


Hi,

When I have a set of rules for ipfw, it reads the rules in
numeric order (they are numbered) and after the first
match it stops reading and executes that rule.

It means the "drop all" rule must be the last.
In iptables you can put it first and the rules will be read till
the end. If later an ACCEPT-rule is found for a packet,
how does iptables decide which rule will be dominant?

I sincerely miss a numbering system on iptables.
It would make it much faster to correlate rules from
"iptables -L" with the ones written in the config file  :-/

thx ...
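An added example, not part of the original message, that models how a netfilter chain is walked: rules are checked top to bottom, the first matching rule with a terminating target (ACCEPT, DROP, REJECT) decides, a non-terminating target such as LOG acts and lets traversal continue, and the chain policy applies only when no terminating rule matched. The chains and packets are constructed, and the `Rule`/`Chain` classes are this example's own, not an iptables API.

```python
from dataclasses import dataclass, field
from typing import Optional

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
NON_TERMINATING = {"LOG"}                   # targets that act, then let traversal continue

@dataclass
class Rule:
    target: str
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    src: Optional[str] = None     # None matches any source address

    def matches(self, pkt: dict) -> bool:
        wanted = (("proto", self.proto), ("dport", self.dport), ("src", self.src))
        return all(want is None or pkt.get(key) == want for key, want in wanted)

@dataclass
class Chain:
    policy: str                            # verdict when no rule decides
    rules: list = field(default_factory=list)

    def evaluate(self, pkt: dict):
        """Walk the chain top to bottom. Returns (verdict, rule_number); rule_number
        is 1-based, as printed by `iptables -L --line-numbers`, or None if the
        chain policy decided because no terminating rule matched."""
        for num, rule in enumerate(self.rules, start=1):
            if not rule.matches(pkt):
                continue
            if rule.target in TERMINATING:
                return rule.target, num    # first terminating match wins; later rules are never read
            if rule.target in NON_TERMINATING:
                continue                   # e.g. LOG: record the packet, keep walking
            raise ValueError(f"unknown target {rule.target!r}")
        return self.policy, None

# Constructed chains: a match-everything DROP ("drop all") placed first versus last.
DROP_ALL_FIRST = Chain("ACCEPT", [Rule("DROP"), Rule("ACCEPT", proto="tcp", dport=22)])
DROP_ALL_LAST = Chain("ACCEPT", [Rule("LOG", proto="tcp", dport=22),
                                 Rule("ACCEPT", proto="tcp", dport=22),
                                 Rule("DROP")])
SSH_PACKET = {"proto": "tcp", "dport": 22, "src": "192.0.2.10"}   # constructed
HTTP_PACKET = {"proto": "tcp", "dport": 80, "src": "192.0.2.10"}  # constructed

if __name__ == "__main__":
    for name, chain in (("drop-all first", DROP_ALL_FIRST), ("drop-all last", DROP_ALL_LAST)):
        for pkt in (SSH_PACKET, HTTP_PACKET):
            verdict, num = chain.evaluate(pkt)
            print(f"{name}: dport {pkt['dport']} -> {verdict} ({'rule %d' % num if num else 'policy'})")
```

On a real system, `iptables -L INPUT -n -v --line-numbers` prints the same 1-based rule numbers, and `iptables -I INPUT <num> ...` inserts a rule at that position.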