[PLUG] iptables curiosity with user defined chains.

Michael Robinson michael at robinson-west.com
Tue Apr 22 23:09:02 UTC 2003


I got a nifty idea to create two user defined chains, one for input rules and 
another for output rules, needed for a web server.  So I flush these chains
first in the init script that starts apache and proceed to propagate the
server rules into them flushing them again when I stop the server.  I
also put lines in to cause my INPUT and OUTPUT chains in my firewall
to add these chains to their rulesets.  The only problem I've noticed 
is that the way I have it set up, stopping the firewall and trying to
restart the web server first will cause it to try to flush a nonexistent
chain and then add rules to it.  If I create the user defined chains
in my apache script can I have a jump statement to an undefined chain
or should I not delete user defined chains in the master firewall script?!?
Maybe firewall stop should be a deletion of all chains followed by a flushing 
and recreation of the ones that are supposed to exist for my other scripts.
With opening the ports when I start apache I'm a little tighter 
than if I set these ports to be open all the time in my master iptables
firewall.  Now if only I could figure out how to put prerouting and forwarding
rules into user defined chains.  One of the nice things about using custom
chains is that it makes it easy to pull transient rules out of your main
firewall.

     --  Michael
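An added example (not code from the original post) of the pattern described above, written so that the web server's start/stop and the master firewall's stop can run in either order. iptables refuses a "-j" to a chain that does not exist, so the jump from INPUT/OUTPUT into the user chain has to be made after the chain is created; here the web server script creates the chain and the jump itself, and every "stop" step tolerates the chain already being gone. The chain names WEB_IN/WEB_OUT, the IPT variable and the port rules are this example's own choices, and the "-C" (check) option it uses for idempotent jumps needs iptables 1.4.11 or later, which postdates the original post; on older versions, grep the output of "iptables -S" instead.

```sh
#!/bin/sh
# Added example (not from the original post): transient web-server rules kept
# in user-defined chains, written so the apache init script and the master
# firewall script can run in either order. Chain names WEB_IN/WEB_OUT and the
# IPT variable are this example's own choices.
#
# Assumes iptables >= 1.4.11 for the -C (check) option; on older versions
# grep the output of "iptables -S" instead.

IPT="${IPT:-iptables}"   # override with a wrapper (or a test stub) if needed

# Create CHAIN if it does not exist, otherwise flush it. "iptables -N" fails
# when the chain already exists, so "-N || -F" is safe to run repeatedly and
# never tries to flush a chain that is not there.
ensure_chain() {
    chain="$1"
    if "$IPT" -N "$chain" 2>/dev/null; then
        return 0            # freshly created, already empty
    fi
    "$IPT" -F "$chain"      # existed already: empty it
}

# Jump from a built-in chain to CHAIN, inserted at the top so it is consulted
# before any final DROP/REJECT rule, but only once: "-C" returns 0 when an
# identical rule is already present.
ensure_jump() {
    builtin_chain="$1"
    chain="$2"
    "$IPT" -C "$builtin_chain" -j "$chain" 2>/dev/null \
        || "$IPT" -I "$builtin_chain" -j "$chain"
}

# Remove the jump and the chain. A user chain cannot be deleted (-X) while a
# rule still references it, so the jump goes first. Each step tolerates
# "already gone", so this is safe after the master firewall deleted everything.
drop_chain() {
    builtin_chain="$1"
    chain="$2"
    "$IPT" -D "$builtin_chain" -j "$chain" 2>/dev/null || true
    "$IPT" -F "$chain" 2>/dev/null || true
    "$IPT" -X "$chain" 2>/dev/null || true
}

# Called from the web server's "start": (re)build the chains and hook them in.
web_start() {
    ensure_chain WEB_IN
    ensure_chain WEB_OUT
    "$IPT" -A WEB_IN  -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    "$IPT" -A WEB_OUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
    ensure_jump INPUT  WEB_IN
    ensure_jump OUTPUT WEB_OUT
}

# Called from the web server's "stop": unhook and delete the chains.
web_stop() {
    drop_chain INPUT  WEB_IN
    drop_chain OUTPUT WEB_OUT
}

case "${1:-}" in
    start) web_start ;;
    stop)  web_stop ;;
esac
```

Running "sh thisscript start" twice in a row leaves exactly one jump in INPUT and one in OUTPUT, and "stop" after the master firewall has already deleted the chains exits cleanly instead of failing on the missing chain. The master firewall script then only has to avoid adding its own jump to WEB_IN/WEB_OUT; it can still flush and delete all user chains on its own stop, because the next web server start recreates them.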



