-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of SB CH
Sent: May 28, 2002 2:21 AM
To: [EMAIL PROTECTED]
Subject: iptables rule order
Hello, netfilters!
I read that the iptables rule order is important.
In Linux Firewalls, 2nd edition, written by Ziegler, it says this:
1. blocking traffic rules must come before the rules allowing traffic to
specific service.
Yes, because if a rule accepts the packet, the kernel lets it continue on.
The reject rule will never be seen by the reject rule.
2. obviously, the FTP data channel rules must come near the end of the rule
list, even though you'd want the rules to be near the top of the list
because FTP transfers tend to be large.
I am afraid I don't understand point 2. The amount of traffic is not
relevant.
Just what we allow or don't allow. FTP is a special case because of
the active/passive modes. There are special modules for FTP for NAT and
tracking.
But I can't understand why those orders should.
Please let me know about this reason.
Thanks in advance.
Am I off base here guys?
Stu............
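An added example, not part of the original thread: a small Python model of the first-match behaviour discussed under point 1, with a check that reports rules an earlier rule makes unreachable. It is a simplification that matches only on source network and destination port (no connection tracking, no jumps); the Rule class, function names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TERMINATING = {"ACCEPT", "DROP", "REJECT"}   # targets that end chain traversal

@dataclass(frozen=True)
class Rule:
    target: str
    src: str = "0.0.0.0/0"          # source network; default matches any IPv4 source
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, src_ip, dport):
        return ip_address(src_ip) in ip_network(self.src) and self.dport in (None, dport)

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and self.dport in (None, other.dport))

def verdict(chain, src_ip, dport, policy="DROP"):
    """Return the target of the first matching rule, or the chain policy."""
    for rule in chain:
        if rule.matches(src_ip, dport):
            return rule.target
    return policy

def shadowed(chain):
    """Return (earlier, later) index pairs where the later rule can never fire."""
    return [(i, j) for j, later in enumerate(chain)
            for i, earlier in enumerate(chain[:j])
            if earlier.target in TERMINATING and earlier.covers(later)]

# Constructed sample data: 203.0.113.0/24 is a documentation range.
BLOCKED = "203.0.113.0/24"
ACCEPT_FIRST = [Rule("ACCEPT", dport=80), Rule("DROP", src=BLOCKED, dport=80)]
BLOCK_FIRST = [Rule("DROP", src=BLOCKED, dport=80), Rule("ACCEPT", dport=80)]

if __name__ == "__main__":
    for name, chain in (("accept first", ACCEPT_FIRST), ("block first", BLOCK_FIRST)):
        print(name, verdict(chain, "203.0.113.7", 80), "shadowed:", shadowed(chain))
```

With the accept rule first, the blocked source is accepted and the DROP rule is reported as shadowed; with the block rule first, the same packet is dropped and other sources still reach port 80.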