-1

I am very new in iptables. Learning to use them. I got a hang of some basic commands from https://help.ubuntu.com/community/IptablesHowTo. However, I didnt find good explanations of examples of a ruleset file which can be applied using the ip6tables-retore file. For instance could someone explain the following user-defined chain below:

*filter
:INPUT DROP 
:FORWARD DROP 
:OUTPUT DROP 
:userChain1 -

-A userChain1 -m limit --limit 4/sec -j REJECT --reject-with icmp6-port-unreachable
-A userChain1 -j DROP   

COMMIT

I understand in what context INPUT, OUTPUT and FORWARD chains are used. When will this userChain1 be used?

Andrew Schulman
  • 8,561
  • 21
  • 31
  • 47
Ankur Bhatia
  • 113
  • 5

1 Answers1

0

Whenever packets are targeted/sent to it. For example by a rule like:

ip6tables -A INPUT -p tcp --dport 1:21 -j userChain1

The two rules:

-A userChain1 -m limit --limit 4/sec -j REJECT --reject-with icmp6-port-unreachable
-A userChain1 -j DROP

Means for the first 4 packets per second a response is sent, (REJECT target) and everything past that is just dropped with no response (DROP target).

Brian
  • 3,386
  • 17
  • 16
  • Thanks brian. So if I use ip6table -A INPUT -j userChain1 This will send all the incoming traffic to userChain1? Also if there is a case when a rule prior to this is matched, lets say -A INPUT -p tcp --dport 1:21 -j AnotherChain, in that case the following rule will be checked or will be ignored? – Ankur Bhatia Jun 26 '15 at 01:59