Is it possible to configure multiple interfaces in one in/out rule for default and custom chains?
by danm_user from LinuxQuestions.org on (#5H4AA)
Hi all,
I'm having the following scenario:
- multiple custom chains;
- multiple default-chain rules that point to those custom chains;
Below is an example:
Chain INPUT (policy ACCEPT)
num pkts bytes target prot opt in out source destination
1 0 0 DanM_test1 all -- eth2 * 0.0.0.0/0 0.0.0.0/0
2 0 0 DanM_test1 all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num pkts bytes target prot opt in out source destination
1 0 0 DanM_test2 all -- vlan350 * 0.0.0.0/0 0.0.0.0/0
2 0 0 DanM_test2 all -- * vlan350 0.0.0.0/0 0.0.0.0/0
3 0 0 DanM_test2 all -- * lo 0.0.0.0/0 0.0.0.0/0
4 0 0 DanM_test3 all -- eth2 eth1 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num pkts bytes target prot opt in out source destination
Chain DanM_test1 (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 0 0 REJECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 reject-with icmp-port-unreachable
3 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
4 0 0 ACCEPT tcp -- * eth2 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
5 0 0 REJECT tcp -- * lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 reject-with icmp-port-unreachable
Chain DanM_test2 (3 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- vlan350 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain DanM_test3 (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 0 0 ACCEPT tcp -- eth0 vlan350 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
My question is whether I can configure multiple interfaces for one rule, in custom chains or default chains?
For example in custom-chain rules:
sudo iptables -A DanM_test1 -i eth1,eth2 -o eth3,eth4 -j ACCEPT -> eth1, eth2, eth3, eth4 are all different interfaces
After adding this line my iptables rules look as below:
Chain DanM_test1 (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 0 0 REJECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 reject-with icmp-port-unreachable
3 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
4 0 0 ACCEPT tcp -- * eth2 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
5 0 0 REJECT tcp -- * lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 reject-with icmp-port-unreachable
6 0 0 ACCEPT all -- eth1,eth2 eth3,eth4 0.0.0.0/0 0.0.0.0/0
Example for default INPUT/FORWARD chains:
sudo iptables -A FORWARD -i eth1, vlan350 -o eth3, vlan351 -j DanM_test1 -> eth1, vlan350, eth3, vlan351 are different interfaces
I'm receiving:
Bad argument `vlan350'
Try `iptables -h' or 'iptables --help' for more information.
Thank you,
Dan
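An added example, not part of the original post: iptables' -i and -o options each take a single interface name, so `eth1,eth2` is stored as one literal name (rule 6 in the listing above), and the space in `eth1, vlan350` leaves `vlan350` as a stray argument. The sketch below expands comma-separated lists into one rule per in/out pair and prints the commands instead of running them. The helper names `split_ifaces` and `expand_iface_rules` and the allowed character set are assumptions made for this example.

```shell
#!/bin/sh
# Added example: expand comma-separated interface lists into one
# iptables rule per (in, out) pair. Commands are printed, not executed.
# split_ifaces / expand_iface_rules are hypothetical helper names.

# Split a comma-separated list into one name per line. Spaces after
# commas ("eth1, vlan350") are tolerated; empty entries (e.g. a trailing
# comma), names over 15 characters (kernel limit, IFNAMSIZ - 1) and
# characters outside a conservative set are rejected.
split_ifaces() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r name; do
        name=$(printf '%s' "$name" | tr -d ' \t')
        [ -n "$name" ] || { echo "empty interface name in '$1'" >&2; exit 1; }
        [ "${#name}" -le 15 ] || { echo "name too long: $name" >&2; exit 1; }
        case $name in
            *[!A-Za-z0-9_.+-]*) echo "bad character in: $name" >&2; exit 1 ;;
        esac
        printf '%s\n' "$name"
    done
}

# expand_iface_rules CHAIN IN_LIST OUT_LIST TARGET
# Prints one "iptables -A" command for every in/out combination.
expand_iface_rules() {
    chain=$1
    target=$4
    ins=$(split_ifaces "$2") || return 1
    outs=$(split_ifaces "$3") || return 1
    for i in $ins; do
        for o in $outs; do
            printf 'iptables -A %s -i %s -o %s -j %s\n' \
                "$chain" "$i" "$o" "$target"
        done
    done
}

# Sample input constructed from the FORWARD example in the post.
expand_iface_rules FORWARD "eth1, vlan350" "eth3, vlan351" DanM_test1
```

Two in-interfaces and two out-interfaces produce four rules; review the printed commands before piping them to a shell as root.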

