I've looked in all the HOWTOs etc.
I'm writing iptables rules for the configure script.
I would like at the top of the script to output some
standard rules to the usual chains and to a chain
called (say) LVS. At the end will be the default
policy rules (e.g. DROP/REJECT).
Then somewhere in the middle of the script I will be generating rules
based on the services. The rules will look like
"accept http packets addressed to the VIP and put this rule
into the LVS chain".
It seems that I have only a few choices about adding these
rules, not all of which will work.
1. When I generate the rule with -A (add), the rule will
be put on the end of my standard list of rules (which I
generated early in the script).
I expect that if I do this, that the packet will traverse
the rules in the order they were entered and will be
DROPed/REJECTed by the standard rules before seeing the
rules for services. Is this correct?
2. If I insert (-I) the rule into the LVS list, I can only
do this by inserting at line number rather than to a name
label. If I change the number of rules in the standard block
later, then the rule set will/may break. Is this true?
3. I could just start with an empty chain called SERVICES
and add at line 1 in that. That would appear to work.
Any suggestions?
Thanks Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
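The chain-ordering question in the post above, as an added example that is not part of the original message: a POSIX shell script that emits its iptables rules in load order. The standard rules go on INPUT and end with a jump to an empty user-defined chain; the default DROP is appended to INPUT after that jump; the per-service rules are appended to the user chain later in the script. Because iptables evaluates a user-defined chain at the point of the jump and returns to the caller when nothing in it matches, rules appended to that chain are always checked before the DROP, whatever order the script generated them in. The chain name SERVICES, the VIP 10.0.0.1 and the ports are constructed assumptions; the script prints the commands rather than running them, so it needs no root and no iptables binary.

```shell
#!/bin/sh
# Added example (not from the original post): build an iptables rule set in
# which per-service rules live in their own chain, so the script can append
# them at any point without disturbing the standard rules or the default policy.
# SERVICES, 10.0.0.1 and the ports below are constructed assumptions.

# Print one iptables command line; the rules are generated, not executed,
# so this runs without privileges. Pipe the output into sh as root to load it.
emit() { printf '%s\n' "$*"; }

# Section 1: standard rules on the built-in INPUT chain, plus an empty user
# chain that INPUT jumps to *before* the default-policy rule is added.
standard_rules() {
    emit iptables -N SERVICES
    emit iptables -A INPUT -i lo -j ACCEPT
    emit iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The jump is the placeholder: anything appended to SERVICES later is
    # evaluated here, ahead of the DROP, and control returns to INPUT when
    # no rule in SERVICES matches.
    emit iptables -A INPUT -j SERVICES
}

# Section 3: default policy, appended so it sits at the end of INPUT.
default_policy() {
    emit iptables -A INPUT -j DROP
}

# Section 2: one rule per service, appended to SERVICES with -A. Its position
# relative to default_policy in the generated text no longer matters.
service_rule() {
    vip=$1 proto=$2 port=$3
    emit iptables -A SERVICES -d "$vip" -p "$proto" --dport "$port" -j ACCEPT
}

# Generate the whole set; note the service rules are produced *after* the DROP
# yet are still matched first, because they go into the SERVICES chain.
build_ruleset() {
    vip=$1
    standard_rules
    default_policy
    service_rule "$vip" tcp 80
    service_rule "$vip" tcp 443
}

build_ruleset "${VIP:-10.0.0.1}"
```

Running the script prints seven iptables commands; the `-A INPUT -j SERVICES` line precedes `-A INPUT -j DROP`, and the two `-A SERVICES ... -j ACCEPT` lines come last in the text while still being the first rules a packet to the VIP can match.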