Home / server / Questions / 342205
In Process
colemik
Asked: 2011-12-19 18:55:00 +0800 CST

How does a packet traverse from one local process to another local process in the following iptables graph?

  • 772

I've found the following iptables chart: Iptables chart How does the packet traverse iptables tables when the packet is sent from one local process to another local process?

Regards.

iptables process local

1 Answers

  1. The packet will traverse the left side of the diagram. Packets are only processed by the forward chains when they are received from and external source and not destined for an address on the local machine (and, of course, you have ip_forward enabled).

    Something I find interested when writing rules to affect local processes is that even if you send a TCP connect to the IP address of an Ethernet interface (say, eth0) it will be sent in and out of the loopback device. So the following rule would not stop local processes from connecting to port 4000 on the address bound to eth0.

    iptables -A INPUT -i eth0 -p tcp --dport 4000 -j REJECT

    Just as the following rule would only stop local processes from connecting to port 4000 on the address bound to eth0, but not from other hosts:

    iptables -A INPUT -i lo -p tcp --dport 4000 -j REJECT

    Granted this is all moot if the process listens on 0.0.0.0 as you can just connect to 127.0.0.1 :-)

    • 1