Iptables Rules Chain: Important Characteristics and Points


1) iptables ACCEPT vs DROP
There is no fixed priority between ACCEPT and DROP: the rules in a chain are checked in order, and the first matching rule decides. Example: if a chain contains both an ACCEPT and a DROP rule for the same traffic,
if ACCEPT comes first, ACCEPT wins even though DROP is present;
if DROP comes first, DROP wins even though ACCEPT is present.
So it is better to set the default policy explicitly, for example:
# iptables -P INPUT ACCEPT

2) Whether you match on dport or sport depends on the chain (INPUT or OUTPUT).
A port denied as dport in the INPUT chain is reflected in the OUTPUT chain as sport, because the replies from that service leave with it as their source port.
3) An iptables scenario: a port number is like a door.
PC1: port 22 is CLOSED
PC2: port 22 is OPEN
PC2 cannot open an SSH connection to PC1.
PC1 can send the request and access port 22 of PC2.
In other words, no one can access port 22 of PC1,
but PC1 itself can send requests to any other machine.
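An added example (my own illustration, not code from the original post) that models how a chain is walked, covering points 1 to 3 above: rules are checked in order, the first match decides, and the default policy applies only when no rule matches. The Rule and Chain classes, the port numbers 40000 and 40001, and the packets are constructed for the example; real iptables also tracks connection state, which this model leaves out.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Rule:
    target: str                     # "ACCEPT" or "DROP"
    dport: Optional[int] = None     # match on destination port (the INPUT side)
    sport: Optional[int] = None     # match on source port (the OUTPUT side)

    def matches(self, pkt: Dict[str, int]) -> bool:
        return ((self.dport is None or pkt["dport"] == self.dport) and
                (self.sport is None or pkt["sport"] == self.sport))

@dataclass
class Chain:
    policy: str                     # default policy, as set by `iptables -P INPUT ...`
    rules: List[Rule] = field(default_factory=list)

    def verdict(self, pkt: Dict[str, int]) -> str:
        for rule in self.rules:     # rules are walked in order; first match wins
            if rule.matches(pkt):
                return rule.target
        return self.policy          # nothing matched: the default policy decides

def first_match_demo() -> Tuple[str, str]:
    """Point 1: the same two rules in different order give different verdicts."""
    pkt = {"sport": 40000, "dport": 22}   # constructed client->ssh packet
    accept_first = Chain("DROP", [Rule("ACCEPT", dport=22), Rule("DROP", dport=22)])
    drop_first = Chain("DROP", [Rule("DROP", dport=22), Rule("ACCEPT", dport=22)])
    return accept_first.verdict(pkt), drop_first.verdict(pkt)   # ('ACCEPT', 'DROP')

def ssh_scenario() -> Dict[str, str]:
    """Point 3: PC1 closes port 22, PC2 leaves it open. Per point 2, the dport 22
    rule in PC1's INPUT chain is mirrored as sport 22 in its OUTPUT chain, so PC1
    neither accepts nor answers on port 22 but can still reach port 22 on PC2."""
    pc1_input = Chain("ACCEPT", [Rule("DROP", dport=22)])
    pc1_output = Chain("ACCEPT", [Rule("DROP", sport=22)])
    pc2_input = Chain("ACCEPT")                   # PC2 has no rule; default ACCEPT
    return {
        "pc2_to_pc1_ssh": pc1_input.verdict({"sport": 40000, "dport": 22}),    # DROP
        "pc1_ssh_reply": pc1_output.verdict({"sport": 22, "dport": 40000}),    # DROP
        "pc1_to_pc2_ssh": pc2_input.verdict({"sport": 40001, "dport": 22}),    # ACCEPT
        "pc1_request_out": pc1_output.verdict({"sport": 40001, "dport": 22}),  # ACCEPT
    }

if __name__ == "__main__":
    print(first_match_demo())
    print(ssh_scenario())
```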
4) How to verify which ports are open and closed
# nmap (IP-ADDRESS)
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-08-22 10:21 IST
Interesting ports on
Not shown: 1664 closed ports
22/tcp open ssh
80/tcp filtered http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
8443/tcp open https-alt
MAC Address: 70:71:BC:C3:A8:EE (Unknown)

5) iptables rules chain architecture
Still unresolved doubts and questions about iptables:
1) In the iptables NAT table, how do DNAT and SNAT behave (for port forwarding or redirection)?
2) How to test NAT (DNAT and SNAT) with an example and verify it.
3) What does --tcp-flags SYN,RST,ACK SYN mean?

Useful Links:
