These are iptables rules from a Linux system. Can you explain what these rules are doing?
Question
These are iptables rules from a Linux system. Can you explain what these rules are doing?
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
Explanation / Answer
iptables organizes its rules into separate tables, one per kind of packet processing. The three tables you will meet most often are:
filter – the default table (used when no -t option is given). It holds the actual firewall filtering rules, and its built-in chains are:
. INPUT – packets addressed to this host
. OUTPUT – packets generated by this host
. FORWARD – packets routed through this host
nat – rules for source and destination address and port translation (SNAT, DNAT, MASQUERADE).
mangle – rules that alter packet headers or set specialized routing marks.
All four rules in the question live in the filter table, since no -t option is given.
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
This rule accepts incoming TCP traffic to port 80 (HTTP) arriving on eth0, both new connection attempts and packets of connections that are already open. Option by option:
-A INPUT – append the rule to the end of the INPUT chain. Because -A appends, any rules already in the chain are consulted before this one.
-i eth0 – match only packets that arrive on interface eth0. (Lowercase -i is the input interface. Uppercase -I is a different option: it inserts a rule at the top of a chain, takes a chain name rather than an interface, and cannot be combined with -A.)
-o – the counterpart for the OUTPUT and FORWARD chains: match only packets leaving through the named interface.
-p tcp – match only TCP.
--dport 80 – destination port 80.
--sport – source port (used by the OUTPUT rules below).
-m state – load the state match extension, which consults the kernel's connection-tracking table.
--state NEW,ESTABLISHED – match only packets whose connection-tracking state is NEW or ESTABLISHED.
-j ACCEPT – the target: what to do with a packet that satisfies every criterion above. ACCEPT lets it through and ends processing in this chain.
NEW means the packet starts a connection the tracker has not seen before; for TCP that is the initial SYN.
ESTABLISHED means the packet belongs to a connection that has already seen traffic in both directions, i.e. the ACKs, data and FIN segments that follow the handshake.
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
This rule accepts outgoing TCP packets leaving eth0 with source port 80, but only on ESTABLISHED connections: it lets the web server answer clients that connected under the first rule, and nothing else. Because NEW is not listed, a process on this host cannot use this rule to open new outbound connections from port 80.
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
The same as the first rule, but for port 443 (HTTPS): new and already-open connections to the HTTPS service arriving on eth0 are accepted.
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
The same as the second rule, for port 443: replies from the HTTPS service on established connections are allowed out.
All four rules are bound to interface eth0; traffic on any other interface (lo, eth1, ...) is not matched by them.
Two things the rules do not decide on their own: they only ACCEPT, so what happens to everything else (SSH, DNS, ICMP, the host's own outbound connections) is determined by the remaining rules in each chain and by the chain's default policy (set with, for example, iptables -P INPUT DROP). With DROP policies this set exposes exactly HTTP and HTTPS on eth0; with the default ACCEPT policies the rules change nothing. Also, iptables evaluates a chain top to bottom and the first matching rule decides, so -A places these rules after whatever already exists in the chain. You can inspect the resulting order and policies with iptables -S or iptables -L -v -n.
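To make the first-match and default-policy behaviour concrete, here is a small Python model of these four rules. It is an added example, not part of the original question or answer and not iptables' own code: parse_rule is a hand-written parser that covers only the options the question uses, and verdict walks a constructed sample packet through the chain the way the kernel does, first matching rule decides, otherwise the chain policy applies. Rule, Packet, rule_error and the sample packets are names and data invented for the example; the conntrack state of each packet is supplied as a string rather than computed.

```python
# Added example: a small model of the question's four filter-table rules (not iptables code).
import shlex
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# The question's four rules, with its typos fixed (-i eth0, --dport 443).
RULES = [
    "iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT",
    "iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT",
]
# Option -> (Rule field, converter) for the single-value matches.
_OPTS = {"-i": ("in_iface", str), "-o": ("out_iface", str), "-p": ("proto", str),
         "--dport": ("dport", int), "--sport": ("sport", int)}


@dataclass
class Rule:
    chain: str
    target: str
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    sport: Optional[int] = None
    states: Optional[FrozenSet[str]] = None


@dataclass
class Packet:
    chain: str   # "INPUT" (arriving at this host) or "OUTPUT" (leaving it)
    iface: str   # interface the packet arrives on / leaves by
    proto: str
    sport: int
    dport: int
    state: str   # conntrack state (NEW/ESTABLISHED/RELATED/INVALID), given, not computed


def parse_rule(line: str) -> Rule:
    """Parse one 'iptables -A ...' line; only the options the question uses are supported."""
    argv = shlex.split(line)
    if argv[:1] != ["iptables"] or len(argv) % 2 == 0:  # every option here takes one value
        raise ValueError("malformed rule: %r" % line)
    chain = target = None
    fields = {}
    for opt, val in zip(argv[1::2], argv[2::2]):
        if opt == "-A":
            chain = val
        elif opt == "-I":  # uppercase -I is 'insert at top of chain', not an interface
            raise ValueError("-I takes a chain name and cannot follow -A; did you mean -i?")
        elif opt in _OPTS:
            name, conv = _OPTS[opt]
            fields[name] = conv(val)
        elif opt == "-m" and val == "state":
            pass  # loads the state match; the criterion itself comes with --state
        elif opt == "--state":
            fields["states"] = frozenset(val.split(","))
        elif opt == "-j":
            target = val
        else:  # also catches '--dport443' (missing space), which real iptables rejects too
            raise ValueError("unsupported option: %s %s" % (opt, val))
    if chain is None or target is None:
        raise ValueError("rule needs -A <chain> and -j <target>")
    return Rule(chain, target, **fields)


def rule_error(line: str) -> Optional[str]:
    """Return the parse error for a rule line, or None if it parses cleanly."""
    try:
        parse_rule(line)
        return None
    except ValueError as exc:
        return str(exc)


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every criterion present on the rule must hold; absent criteria match anything."""
    return (rule.chain == pkt.chain
            and (rule.in_iface is None or rule.in_iface == pkt.iface)
            and (rule.out_iface is None or rule.out_iface == pkt.iface)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.sport is None or rule.sport == pkt.sport)
            and (rule.states is None or pkt.state in rule.states))


def verdict(rules: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """Walk the packet's chain top to bottom: the first matching rule decides, else the policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy


PARSED = [parse_rule(r) for r in RULES]

if __name__ == "__main__":  # quick demo with a constructed client SYN to port 80
    print(verdict(PARSED, Packet("INPUT", "eth0", "tcp", 51000, 80, "NEW")))
```

Try a few packets against PARSED: a client SYN to port 80 or 443 on eth0 is accepted, a server reply from source port 80 with state ESTABLISHED is accepted, but a NEW outbound packet from port 80, a SYN to port 22, or HTTPS on eth1 all fall through to the policy you pass in, which is where DROP versus ACCEPT makes the difference the answer describes. Feeding the rule exactly as it appeared in the question (with -I and --dport443) to rule_error shows why real iptables would have refused to load it.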