Firewall Wizards mailing list archives
Re: Is the order of the rules entered in iptables important?
From: "Anton J Aylward, CISSP" <aja () si on ca>
Date: 05 Aug 2002 08:14:43 -0400
You should also check Brent Chapman's papers and the O'Reilly book he co-authored with Elizabeth Zwicky. Brent found that some routers try to optimize their filter rules and do so in such a way that results in untoward effects.

I don't know which volume will be available to you, but in mine it's in a section:

    Choosing a filtering Packet Router
        It should apply rules in the order specified.

See if the problems he describes with the optimizations would apply to you.

On Sun, 2002-08-04 at 23:14, David Lang wrote:
> There are a few firewalls that apply rules in a 'best fit' strategy rather than in order. Raptor (now Symantec Enterprise Firewall) is one example that does this. There was a debate on the pros and cons of this a year or so ago.
>
> David Lang
>
> On Thu, 1 Aug 2002, Christopher Hicks wrote:
>> On Thu, 1 Aug 2002, Kenny G. Dubuisson, Jr. wrote:
>>> Does the order in which rules are added for an iptables table matter?
>>
>> Yes. I'm not aware of many firewall ruleset systems where the order doesn't matter.

--
Anton J Aylward, CISSP | http://groups.yahoo.com/group/ITTMG-Canada
System Integrity       | http://www.isc2.org
InfoSec Consulting     | http://www.issa-intl.org
Voice: (416) 497-0201  | http://www.issa-toronto.org
mailto:aja () si on ca |

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
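
The difference between in-order and 'best fit' evaluation discussed in this thread, as an added example that is not part of the original messages. The ruleset is constructed, and 'best fit' is modelled as "most specific matching rule wins" (longest source prefix, then an explicit port), which is an assumption for illustration and not the documented algorithm of any product named above.

```python
import ipaddress

# Constructed ruleset: (source network, destination port or None for any, verdict)
RULES = [
    ("10.0.0.0/8", None, "DROP"),    # broad: drop everything from 10/8
    ("10.1.2.0/24", 22, "ACCEPT"),   # narrow: allow SSH from one admin subnet
]
DEFAULT_POLICY = "DROP"

def matches(rule, src, dport):
    net, port, _ = rule
    return ipaddress.ip_address(src) in ipaddress.ip_network(net) and port in (None, dport)

def first_match(rules, src, dport):
    """Ordered evaluation, as in an iptables chain: the first matching rule decides."""
    for rule in rules:
        if matches(rule, src, dport):
            return rule[2]
    return DEFAULT_POLICY

def specificity(rule):
    net, port, _ = rule
    return (ipaddress.ip_network(net).prefixlen, port is not None)

def best_fit(rules, src, dport):
    """Order-independent evaluation (assumed model): the most specific match decides."""
    hits = [r for r in rules if matches(r, src, dport)]
    return max(hits, key=specificity)[2] if hits else DEFAULT_POLICY

def shadowed(rules):
    """Indexes of rules that can never fire in order, because an earlier rule covers them."""
    out = []
    for i, (net, port, _) in enumerate(rules):
        n = ipaddress.ip_network(net)
        for enet, eport, _ in rules[:i]:
            if n.subnet_of(ipaddress.ip_network(enet)) and eport in (None, port):
                out.append(i)
                break
    return out

if __name__ == "__main__":
    pkt = ("10.1.2.5", 22)  # constructed packet: SSH from the admin subnet
    for name, rs in (("as written", RULES), ("reversed", RULES[::-1])):
        print(name, "first-match:", first_match(rs, *pkt),
              "best-fit:", best_fit(rs, *pkt), "shadowed:", shadowed(rs))
```

Running `shadowed()` over a ruleset before loading it is a cheap audit for rules that were appended after a broader rule and therefore never take effect.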