iptables -FORWARD inquiry

Hey folks,

I'm trying to figure out a ruleset I wrote a while ago that I'm currently improvising. I can't figure out for the life of me why I used something like this:

# allow packets leaving local loopback out
-A FORWARD -i lo -o eth1 -j ACCEPT

Does anyone have any clue why I would do something like this?

Thanks,

- sf

Asked by: stevefNYC
 
Blaz commented:
This rule really looks odd. I believe there will never be a packet matching this rule unless you are doing something strange on your machine.

I believe packets would match this rule only if you were doing something like:
iptables -t nat -A PREROUTING -i lo -p tcp --dport 2023 -j DNAT --to-destination 192.168.0.12:23

and then trying:
telnet 127.0.0.1 2023
 
noci (Software Engineer) commented:
iptables -nv -L FORWARD
should give you some more details if this rule is used anyway.
It is an odd rule....

If the rule is used you might want to insert a
-A FORWARD -i lo -o eth1 -j LOG ....
before it so that you can see in the syslog what rules match this one.
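
The counter check and LOG insertion suggested above, as an added example that is not part of the original thread: it reads a listing in the format of `iptables -nvx -L FORWARD --line-numbers`, reports whether the `lo` to `eth1` rule has ever matched, and prints the command that would place a LOG rule directly in front of it. The sample listing, the function names and the log prefix are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvx -L FORWARD --line-numbers` output
# (addresses and counters are made up for illustration).
sample_forward_listing() {
cat <<'EOF'
Chain FORWARD (policy DROP 12 packets, 720 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0        0 ACCEPT     all  --  lo     eth1    0.0.0.0/0            0.0.0.0/0
2        4821   612340 ACCEPT     all  --  eth0   eth1    192.168.0.0/24       0.0.0.0/0
3        9310  7421005 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            192.168.0.0/24       state RELATED,ESTABLISHED
EOF
}

# rule_hits IN_IF OUT_IF: read a listing on stdin and print
# "<rule-number> <packet-count> <target>" for each rule on that interface pair.
# Assumes every rule has a target, so the columns are
# num pkts bytes target prot opt in out source destination.
rule_hits() {
    awk -v in_if="$1" -v out_if="$2" '
        NR <= 2 { next }                        # chain line and column header
        $7 == in_if && $8 == out_if { print $1, $2, $4 }
    '
}

# log_rule_cmd IN_IF OUT_IF: print (do not run) the command that inserts a LOG
# rule directly in front of the first matching rule. The prefix text is arbitrary.
log_rule_cmd() {
    rule_hits "$1" "$2" | awk -v in_if="$1" -v out_if="$2" '
        NR == 1 {
            printf "iptables -I FORWARD %s -i %s -o %s -j LOG --log-prefix \"fwd-%s-%s: \"\n", $1, in_if, out_if, in_if, out_if
        }
    '
}

# Offline demonstration on the sample; on a live host, pipe
# `iptables -nvx -L FORWARD --line-numbers` into the same functions.
sample_forward_listing | rule_hits lo eth1      # 1 0 ACCEPT
sample_forward_listing | log_rule_cmd lo eth1
```

A packet count of 0 on a long-running firewall means the rule has never matched; the `-x` flag keeps the counters exact instead of abbreviated (for example `612K`).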