Book: Iptables Tutorial 1.2.2
OUTPUT chain
Since pretty much no one but me uses this box, which currently serves partly as a firewall and partly as a workstation, I allow almost everything that leaves it with a source address of $LOCALHOST_IP, $LAN_IP or $STATIC_IP. Everything else might be spoofed in some fashion, even though I doubt anyone I know would do that on my box. Last of all, we log everything that gets dropped. If a packet does get dropped, we will most definitely want to know about it so that we can take action against the problem: either it is a nasty error, or it is a weird, spoofed packet. Finally, the default policy DROPs the packet.
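The OUTPUT chain described above, written out as an added example (this is not the tutorial's own script). The address values are constructed samples, the log rate limit and log prefix are assumptions, and the script only prints the `iptables` commands rather than running them, so it can be checked without root.

```shell
#!/bin/sh
# Added example: build the OUTPUT-chain rules as text (dry run, nothing is applied).

# Constructed sample values; the variable names are the ones used in the text.
LOCALHOST_IP="127.0.0.1"
LAN_IP="192.168.0.2"
STATIC_IP="203.0.113.10"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]* | *..* | .* | *.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the OUTPUT-chain commands for the given local source addresses.
# Nothing is printed if any address is empty or malformed: an unset
# variable would otherwise yield a broken "-s" match in an ACCEPT rule.
output_chain_rules() {
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad source address: '$addr'" >&2; return 1; }
    done
    # Accept traffic that carries one of our own source addresses.
    for addr in "$@"; do
        echo "iptables -A OUTPUT -p ALL -s $addr -j ACCEPT"
    done
    # Log whatever falls through. The limit match (an assumption here)
    # keeps a misbehaving program from flooding the log.
    echo "iptables -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level debug --log-prefix \"IPT OUTPUT packet died: \""
    # The default policy drops what was not accepted. It is set last so
    # the ACCEPT rules are already in place when it takes effect.
    echo "iptables -P OUTPUT DROP"
}

output_chain_rules "$LOCALHOST_IP" "$LAN_IP" "$STATIC_IP"
```

Review the printed commands before piping them to a root shell; an empty or mistyped address makes the function exit non-zero and print no rules.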