CDOT Wiki
OPS335 Lab 2 draft

23 bytes added, 11:41, 22 January 2016
no edit summary
'''There are some important points to note regarding iptables from the above diagram:'''
:*There are <u>two sets</u> of IPtables rules that apply: '''OUTPUT/INPUT on the client''' and '''INPUT/OUTPUT on the server'''.<br>It is important to think about the traffic from the perspective of the client as well as from the perspective of the server.
:* Outbound traffic from a server (like a response to the Firefox web-browser from the web-server) is rarely blocked <u>unless</u> there is a security policy to <u>prevent</u> some kind of traffic. Even in that case, that security policy is usually performed on a router (this is a topic which will be discussed later in this course).
:* Inbound traffic is of two distinct types; in our diagram we have both:
:*# New incoming connections (what you normally think of as inbound traffic): the web server receives a new incoming connection.
:*# Incoming data that's a response to a request: the web page that the server sent back in the diagram above.
:*# We normally don't want to do anything special for the response. It's a safe assumption that a connection that was allowed to be established should be allowed to receive a response. This is accomplished with the following INPUT chain rule that should be there by default on your machines:
<pre>ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED</pre>
* Rules are applied to chains (e.g. INPUT/OUTPUT), protocols (e.g. tcp/udp/icmp), and ports (e.g. 22, 80, 443).
*# For the request the source port (sport) is 40112 and the destination port (dport) is 80
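The following is an added example, not part of the OPS335 lab page: a small Python model of the connection-tracking logic behind the <code>state RELATED,ESTABLISHED</code> rule, walking the request and response from the diagram through the client's and the server's INPUT chains. The addresses (10.0.0.1 for the server, 10.0.0.2 for the client) and the server's rule set are constructed for the example; only the ports (sport 40112, dport 80) come from the lab text. It models netfilter's behaviour, it does not call iptables, and RELATED (helper-tracked connections) is not modelled.

```python
# Added example (not from the OPS335 lab page): a toy model of the netfilter
# connection-tracking logic that makes the default
#     ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
# rule work.  Addresses and the server's rule set are constructed for the
# example; only the ports (sport 40112, dport 80) come from the lab text.
from dataclasses import dataclass

CLIENT_IP = "10.0.0.2"   # constructed address for the Firefox client
SERVER_IP = "10.0.0.1"   # constructed address for the web server


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.proto, self.dst, self.dport, self.src, self.sport)


def match_established(pkt, state):
    """-m state --state RELATED,ESTABLISHED (RELATED is not modelled here)."""
    return state == "ESTABLISHED"


def match_new_tcp_dport(port):
    """-p tcp --dport <port> -m state --state NEW"""
    return lambda pkt, state: state == "NEW" and pkt.proto == "tcp" and pkt.dport == port


class Host:
    """One machine with its own conntrack table and its own INPUT chain."""

    def __init__(self, name, input_rules):
        self.name = name
        self.input_rules = input_rules   # list of (matcher, verdict); policy DROP
        self.conntrack = set()           # flows this host has already seen

    def send(self, pkt):
        # OUTPUT chain: the lab notes nothing is blocked here, but conntrack
        # still records the outgoing flow so that the reply counts as ESTABLISHED.
        self.conntrack.add(pkt.flow())
        return pkt

    def state_of(self, pkt):
        if pkt.flow() in self.conntrack or pkt.reverse_flow() in self.conntrack:
            return "ESTABLISHED"
        return "NEW"

    def receive(self, pkt):
        """Run the INPUT chain top to bottom; first match wins, else policy DROP."""
        state = self.state_of(pkt)
        for matcher, verdict in self.input_rules:
            if matcher(pkt, state):
                if verdict == "ACCEPT":
                    self.conntrack.add(pkt.flow())   # accepted NEW flows become known
                return verdict
        return "DROP"


def run_web_request():
    """Walk the request/response from the lab diagram through both hosts."""
    client = Host("client", [(match_established, "ACCEPT")])
    server = Host("server", [(match_established, "ACCEPT"),
                             (match_new_tcp_dport(80), "ACCEPT")])
    verdicts = {}

    # 1. Client opens a NEW connection from sport 40112 to the server's port 80.
    request = client.send(Packet(CLIENT_IP, 40112, SERVER_IP, 80))
    verdicts["server_input_request"] = server.receive(request)

    # 2. Server answers; on the client this is the reverse of a flow it started,
    #    so it is ESTABLISHED and the default rule accepts it.
    reply = server.send(Packet(SERVER_IP, 80, CLIENT_IP, 40112))
    verdicts["client_input_reply"] = client.receive(reply)

    # 3. A packet from port 80 aimed at a client port that never opened a
    #    connection is NEW, and nothing in the client's INPUT chain allows it.
    stray = Packet(SERVER_IP, 80, CLIENT_IP, 40113)
    verdicts["client_input_unsolicited"] = client.receive(stray)

    # 4. A NEW connection to the server on a port other than 80 falls through
    #    to the chain policy.
    probe = Packet(CLIENT_IP, 40114, SERVER_IP, 22)
    verdicts["server_input_port22"] = server.receive(probe)
    return verdicts


if __name__ == "__main__":
    for name, verdict in run_web_request().items():
        print(f"{name:28s} {verdict}")
```

Running the script shows the two perspectives side by side: the server needs an explicit rule for NEW connections to port 80, while the client needs nothing beyond the RELATED,ESTABLISHED rule to get the web page back, because its own conntrack table already knows the flow it opened.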