Old 07-29-2002, 07:43 AM   #1
grubjo
LQ Newbie
 
Registered: Jul 2002
Posts: 19

Rep: Reputation: 0
Question Do I need FORWARD-Rules?


Hi, do I need special forward-rules when I restrict the access with input and output-rules? I think it's not necessary because when a packet matches a rule and it's allowed to pass the internet-interface I needn't filter it by forward-rules.

Does anyone have other arguments?

Bye, Hannes
 
Old 07-30-2002, 01:13 PM   #2
Ionized
Member
 
Registered: Jul 2002
Location: Chicago Suburbs
Distribution: Slackware 8.0
Posts: 51

Rep: Reputation: 15
That's my understanding. I'd think that if you have a rule under input that you wouldn't need it under forward as well... I'm not 100% sure though, I'd like to know as well.
 
Old 08-01-2002, 08:19 AM   #3
Druaga
Member
 
Registered: May 2002
Location: Canada
Distribution: Slackware
Posts: 111

Rep: Reputation: 15
You should have your default policy for forwarding set to DENY though.
 
Old 08-02-2002, 12:45 AM   #4
krunkwick
Member
 
Registered: Jun 2002
Location: Memphis
Distribution: Suse 8.0 Pro
Posts: 45

Rep: Reputation: 15
Your iptables rules go as follows:

INPUT = anything that is addressed to the firewall itself.

OUTPUT = anything that is sent from the firewall itself.

FORWARD = anything traversing the firewall.

The FORWARD chain really comes into play in masqueraded networks, when you have clients hiding behind the Linux box sharing its IP address.

In other words, when a packet arrives from the internet and is being addressed to one of the clients then it will go through the FORWARD chain. When a client sends a packet back out it will go through the FORWARD chain again.

INPUT and OUTPUT would be for packets coming in and going from the linux box itself.
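
The chain split described in this thread, written out as a masquerading gateway ruleset with a default-drop FORWARD policy. This is an added example, not part of any post above; the interface arguments and the SSH-from-LAN rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: $1 is the
# Internet-facing interface, $2 is the LAN interface, and SSH from the
# LAN is the only service the firewall itself offers.
# Prints a ruleset in iptables-restore format; nothing is applied here.
gateway_rules() {
    wan=$1
    lan=$2
    cat <<EOF
*filter
# Default-drop policy on every chain, including FORWARD.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# INPUT: packets addressed to the firewall itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
# OUTPUT: packets sent by the firewall itself.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# FORWARD: packets traversing the firewall. The INPUT and OUTPUT rules
# above never see these, so client traffic needs its own rules here.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Masquerade LAN clients behind the firewall's Internet address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}
```

To check the output without loading it, run `gateway_rules eth0 eth1 | iptables-restore --test` as root. The kernel only forwards packets at all when `net.ipv4.ip_forward` is set to 1.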
 
  

