
Short IPtables question


3 replies to this topic

#1 IceCreamJones

IceCreamJones

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:13 AM

Posted 01 May 2017 - 02:30 PM

Hi all, can anyone help with a quick explanation of the following iptables rules?  I'm looking at my DDWRT firewall settings and trying to figure it out but these have me stumped.  Thanks!

 

# Inserted at the head of FORWARD: LAN traffic (192.168.1.1/24, i.e. the 192.168.1.0/24 network, since iptables ignores the host bits) leaving via eth0 to TCP port 1723 (PPTP control channel) jumps to DD-WRT's logaccept chain (log, then ACCEPT)
-I FORWARD -o eth0 -s 192.168.1.1/24 -p tcp --dport 1723 -j logaccept
# Same source and interface, for GRE (IP protocol 47), which carries the PPTP tunnel data; inserted second, so it ends up above the TCP rule
-I FORWARD -o eth0 -s 192.168.1.1/24 -p gre -j logaccept
# Appended at the tail of FORWARD: traffic coming in on eth0 and going out to the LAN bridge br0 is handed to DD-WRT's port-triggering target (inbound direction)
-A FORWARD -i eth0 -o br0 -j TRIGGER --trigger-type in
# Appended: anything arriving from br0 goes through the trigger_out chain, which records outbound connections that open triggered ports
-A FORWARD -i br0 -j trigger_out




#2 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  • Gender:Male
  • Location:United States, Delaware
  • Local time:09:13 AM

Posted 02 May 2017 - 08:14 AM

Hi IceCreamJones.

 

I am not too familiar with iptables so I just did a quick search. Take a look here and check out the first answer, specifically the RedHat link at the top of the comment.

The first two may just be a line that allows internal systems to send to other internal systems. At least that is kind of what I gathered from the two seconds of reading I did. Hopefully the RedHat doc will help you out some.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#3 mremski

mremski

  • Members
  • 495 posts
  • OFFLINE
  • Gender:Male
  • Location:NH
  • Local time:09:13 AM

Posted 02 May 2017 - 08:16 AM

-I is "insert" the rule (usually at head of chain)

-A is append the rule (tail of chain)

FORWARD is the chain to apply it to

-o eth0 is out on eth0

-i eth0 is in on eth0

-i br0 is in on br0

-o br0 is out on br0

-s is source address

-p is protocol

--dport is dest port

-j is jump to target (logaccept)


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#4 mremski

mremski

  • Members
  • 495 posts
  • OFFLINE
  • Gender:Male
  • Location:NH
  • Local time:09:13 AM

Posted 02 May 2017 - 08:19 AM

-I is "insert" the rule (usually at head of chain)

-A is append the rule (tail of chain)

FORWARD is the chain to apply it to

-o eth0 is out on eth0

-i eth0 is in on eth0

-i br0 is in on br0

-o br0 is out on br0

-s is source address

-p is protocol

--dport is dest port

-j is jump to target (logaccept)

 

So your rules are mucking about with the FORWARD chain, anything sourced from 192.168.1.1/24 destined for TCP port 1723 is accepted and logged.

That should help you figure out what the other ones are saying and give you enough to internet search for specifics.


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer
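The flag glossary in the two replies above, turned into a small parser, as an added example that is not part of the original thread and not DD-WRT's own code: it reads the four rules exactly as posted, renders each one in plain words, and simulates how -I (insert at head) and -A (append at tail) order the FORWARD chain when the commands run one after another. The pre-existing firmware rule in the main block is a constructed stand-in, and the target names logaccept, TRIGGER and trigger_out are echoed as posted rather than interpreted.

```python
"""Explain iptables rule lines and simulate chain ordering.

Added example for the thread above, not code from BleepingComputer or the
DD-WRT project. The firmware rule in main() is a constructed stand-in.
"""
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed input: the rules from post #1, verbatim.
POSTED_RULES = [
    "-I FORWARD -o eth0 -s 192.168.1.1/24 -p tcp --dport 1723 -j logaccept",
    "-I FORWARD -o eth0 -s 192.168.1.1/24 -p gre -j logaccept",
    "-A FORWARD -i eth0 -o br0 -j TRIGGER --trigger-type in",
    "-A FORWARD -i br0 -j trigger_out",
]

# Plain-English glossary for the options mremski lists; unknown options are echoed raw.
MATCH_WORDS = {
    "-i": "in on interface",
    "-o": "out on interface",
    "-s": "source",
    "-d": "destination",
    "-p": "protocol",
    "--dport": "dest port",
    "--sport": "source port",
}


@dataclass
class Rule:
    cmd: str                      # "-I" or "-A"
    chain: str                    # e.g. FORWARD
    pos: Optional[int]            # optional 1-based rule number after -I
    matches: List[Tuple[str, str]] = field(default_factory=list)
    target: Optional[str] = None  # the -j target
    target_opts: List[Tuple[str, str]] = field(default_factory=list)


def parse_rule(line: str) -> Rule:
    """Split one `-I/-A CHAIN [num] matches... -j TARGET [target opts]` line."""
    toks = shlex.split(line)
    if len(toks) < 2 or toks[0] not in ("-I", "-A"):
        raise ValueError(f"only -I/-A rule lines are handled: {line!r}")
    rule = Rule(cmd=toks[0], chain=toks[1], pos=None)
    i = 2
    if rule.cmd == "-I" and i < len(toks) and toks[i].isdigit():
        rule.pos = int(toks[i])
        i += 1
    bucket = rule.matches         # everything after -j belongs to the target
    while i < len(toks):
        opt = toks[i]
        if opt == "-j":
            rule.target = toks[i + 1]
            bucket = rule.target_opts
            i += 2
        elif i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            bucket.append((opt, toks[i + 1]))
            i += 2
        else:
            bucket.append((opt, ""))   # bare flag such as --syn
            i += 1
    return rule


def describe(rule: Rule) -> str:
    """Render a parsed rule in the words of the glossary above."""
    parts = []
    for opt, val in rule.matches:
        if opt in ("-s", "-d"):
            # iptables masks off host bits: 192.168.1.1/24 means 192.168.1.0/24
            val = str(ipaddress.ip_network(val, strict=False))
        parts.append(f"{MATCH_WORDS.get(opt, opt)} {val}".strip())
    if rule.cmd == "-A":
        where = f"append to tail of {rule.chain}"
    elif rule.pos is None:
        where = f"insert at head of {rule.chain}"
    else:
        where = f"insert at position {rule.pos} of {rule.chain}"
    target = " ".join([rule.target or "(no target)"]
                      + [f"{o} {v}".strip() for o, v in rule.target_opts])
    return f"{where}: {', '.join(parts)} -> jump to {target}"


def build_chain(commands: List[str], preexisting: Optional[List[str]] = None) -> List[Rule]:
    """Apply the commands in order and return the resulting chain, top to bottom."""
    chain = [parse_rule(line) for line in (preexisting or [])]
    for line in commands:
        rule = parse_rule(line)
        if rule.cmd == "-I":
            chain.insert((rule.pos or 1) - 1, rule)   # -I with no number means rule 1
        else:
            chain.append(rule)
    return chain


if __name__ == "__main__":
    # Constructed stand-in for a rule the firmware had already placed in FORWARD.
    firmware = ["-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"]
    for n, rule in enumerate(build_chain(POSTED_RULES, firmware), start=1):
        print(f"{n}. {describe(rule)}")
```

Running it shows the point the replies make about -I versus -A: the GRE rule, inserted last, ends up first; the TCP 1723 rule sits second; whatever the firmware already had follows; and the two port-trigger rules land at the very end. It also shows that 192.168.1.1/24 is evaluated as the 192.168.1.0/24 network, so the rule covers the whole LAN, not just the router address.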




