
    -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    -A INPUT -m conntrack --ctstate INVALID -j DROP
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

In this case, will traffic actually be accepted or dropped? I see that special rules exist for ssh and http, so they would naturally take precedence, because they are more specific?

    # iptables -L
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere             ctstate INVALID
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere             ctstate ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh ctstate ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http ctstate ESTABLISHED

How is it meaningful for iptables to both have rules for ACCEPT and DROP all traffic in its INPUT chain with a default policy of DROP? How can iptables both have (ACCEPT, all, anywhere, anywhere) and (DROP, all, anywhere, anywhere) in its INPUT chain?
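
Added example, not part of the question above: a small first-match simulator in Python over the INPUT chain as `iptables -L` listed it, assuming the chain's default policy is DROP as the question states (ssh = 22, http = 80). It shows which rule decides each kind of packet: the first `RELATED,ESTABLISHED` rule accepts every established packet before the later, more specific rules are ever consulted, `INVALID` packets hit the DROP rule regardless of port, and only `NEW` packets reach the port-specific rules or fall through to the policy.

```python
from dataclasses import dataclass
from typing import Optional

# Added first-match simulator for the INPUT chain in the question (not the
# asker's code). netfilter walks a chain top to bottom; the first rule whose
# matches all succeed decides the packet, and the policy applies only if none did.

@dataclass(frozen=True)
class Packet:
    ctstate: str                  # state conntrack assigned: NEW/ESTABLISHED/RELATED/INVALID
    proto: str = "all"
    dport: Optional[int] = None
    sport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    target: str
    ctstates: frozenset           # -m conntrack --ctstate set
    proto: str = "all"            # -p
    dport: Optional[int] = None   # --dport
    sport: Optional[int] = None   # --sport

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "all" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        return pkt.ctstate in self.ctstates

# The chain in exactly the order `iptables -L` listed it (ssh=22, http=80).
INPUT_CHAIN = [
    Rule("ACCEPT", frozenset({"RELATED", "ESTABLISHED"})),
    Rule("DROP", frozenset({"INVALID"})),
    Rule("ACCEPT", frozenset({"NEW", "ESTABLISHED"}), "tcp", dport=22),
    Rule("ACCEPT", frozenset({"NEW", "ESTABLISHED"}), "tcp", dport=80),
    Rule("ACCEPT", frozenset({"ESTABLISHED"})),
    Rule("ACCEPT", frozenset({"ESTABLISHED"}), "tcp", sport=22),
    Rule("ACCEPT", frozenset({"ESTABLISHED"}), "tcp", sport=80),
]
POLICY = "DROP"  # chain policy, as stated in the question (assumed)

def verdict(pkt: Packet, chain=INPUT_CHAIN, policy=POLICY):
    """Return (target, 1-based index of the deciding rule, or None for policy)."""
    for i, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.target, i
    return policy, None
```

Rules 5 to 7 are never the deciding rule for any packet, because rule 1 already accepts everything in state ESTABLISHED.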
