
  • Status: Solved
  • Priority: Medium
  • Security: Public

iptables -FORWARD inquiry

Hey folks,

I'm trying to figure out a ruleset I wrote a while ago that I'm currently improvising.  I can't figure out for the life of me why I used something like this:

# allow packets leaving local loopback out
-A FORWARD -i lo -o eth1 -j ACCEPT

Does anyone have any clue why I would do something like this?


- sf
2 Solutions
This rule really looks odd. I believe there will never be a packet matching this rule unless you are doing something strange on your machine.

I believe packets would match this rule only if you were doing something like:
iptables -t nat -A PREROUTING -i lo -p tcp --dport 2023 -j DNAT

and then trying:
telnet 2023
noci (Software Engineer) commented:
iptables -nv -L FORWARD
should give you some more details if this rule is used anyway.
It is an odd rule....

If the rule is used you might want to insert a
-A FORWARD -i lo -o eth1 -j LOG ....
before it so that you can see in the syslog what rules match this one.
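
The counter check suggested above, as an added example that is not part of the original thread: it reads `iptables -nv -L FORWARD` output and lists the rules whose packet counter is still zero. The function names `sample_listing` and `unused_rules` are hypothetical, and the listing is constructed sample data, not output from the poster's machine.

```shell
#!/bin/sh
# Added example: find FORWARD rules that have never matched a packet.

# Constructed sample of `iptables -nv -L FORWARD` output (not from the thread).
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     eth1    0.0.0.0/0            0.0.0.0/0
 1523  210K ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
EOF
}

# Read a listing on stdin and print "rule-number target in out" for every
# rule whose pkts counter is 0. An optional first argument restricts the
# report to one input interface.
# Assumption: every rule has a target, so the columns do not shift.
unused_rules() {
    awk -v iface="${1:-}" '
        /^Chain / || $1 == "pkts" || NF < 9 { next }   # headers, blank lines
        { n++ }                                        # rule position in chain
        $1 == "0" && (iface == "" || $6 == iface) { print n, $3, $6, $7 }
    '
}

# On a live system (as root): iptables -nv -L FORWARD | unused_rules lo
sample_listing | unused_rules lo
```

A zero counter only means the rule has not matched since the counters were last reset (reboot, ruleset reload, or `iptables -Z`), so let the ruleset run under normal traffic before treating a rule as dead.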
