Creating INPUT-only or OUTPUT-only rules?

  • George Joseph

    George Joseph - 2012-08-28

    I'm using Linux/iptables and looking for a way to create policy rules in fwbuilder that only apply to a single chain.  Whenever I create an "Inbound" rule, I always get INPUT and FORWARD iptables rules generated.  For "Outbound" rules I get OUTPUT and FORWARD and for "Both" rules, I get all three.   Unfortunately I have cases where I need only an INPUT (or OUTPUT or FORWARD) rule generated.

    I can get around this (kind of) by turning OFF the "Assume firewall is part of 'any'" option BUT I must then supply a rule source or destination ip address/network.  This doesn't work for un-numbered interfaces.

    Am I missing something obvious for creating a simple rule that allows access to the firewall itself but prevents forwarding?
    "-A INPUT  -i eth1  -p tcp -m tcp  --dport 22  -m state --state NEW  -j ACCEPT"
    without a corresponding
    "-A FORWARD  -i eth1  -p tcp -m tcp  --dport 22  -m state --state NEW  -j ACCEPT"

  • Vadim Kurland

    Vadim Kurland - 2012-08-28

    Just put the firewall object in "Destination" of the rule.

  • George Joseph

    George Joseph - 2012-08-29

    Yes, but…   "Destination" creates ip based match criteria which won't work for an un-numbered interface. Fwbuilder simply skips them when it generates the rules.

  • George Joseph

    George Joseph - 2012-08-29

    Oh wait… you mean the actual "firewall" object. :)

    Yep, that worked.  So simple actually.  I just missed it.
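    A quick way to confirm that the fix above really produced an INPUT-only rule is to audit the generated iptables script for ACCEPT rules whose match is duplicated in FORWARD. The following is an added example, not fwbuilder's code or anything posted in this thread; the sample rule lines are constructed to resemble what fwbuilder emits with "Assume firewall is part of 'any'" turned on.

```python
import shlex

# Constructed sample of generated rules: the first pair is the INPUT+FORWARD
# duplicate described in the thread; the remaining lines are controls.
SAMPLE_RULES = """
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
"""


def parse_rule(line):
    """Split one '-A CHAIN <match> -j TARGET' line into (chain, match, target).

    Returns None for lines that are not '-A' rules (comments, COMMIT, etc.).
    """
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    chain = tokens[1]
    target = None
    match = []
    i = 2
    while i < len(tokens):
        if tokens[i] == "-j" and i + 1 < len(tokens):
            target = tokens[i + 1]
            i += 2
            continue
        match.append(tokens[i])
        i += 1
    return chain, " ".join(match), target


def find_mirrored_forward_rules(rules_text):
    """Return the match specs that are ACCEPTed in both INPUT and FORWARD.

    Each hit is host access that also (probably unintentionally) opens the
    same traffic for forwarding through the firewall.
    """
    accepted = {"INPUT": set(), "FORWARD": set()}
    for line in rules_text.strip().splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, match, target = parsed
        if target == "ACCEPT" and chain in accepted:
            accepted[chain].add(match)
    return sorted(accepted["INPUT"] & accepted["FORWARD"])


if __name__ == "__main__":
    for spec in find_mirrored_forward_rules(SAMPLE_RULES):
        print("INPUT accept also mirrored in FORWARD:", spec)
```

Run it against the output of the generated firewall script (or `iptables-save`) and an empty result means every "allow to the firewall" rule stays out of FORWARD.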
