Closed kiurchv closed 6 years ago
Then won't it be better to do a check first before adding those rules, or flush on the chain to remove that DROP policy? Or do you want to keep that DROP policy?
Could you paste a sample of the case you found?
Drop policy on the FORWARD chain is a reasonable default:

```
# iptables -S FORWARD
-P FORWARD DROP
```

But we need to make an exception to this rule in order to make packet forwarding possible between the WiFi and outgoing interfaces:

```
# iptables -S FORWARD
-P FORWARD DROP
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
```
Ok, I will merge.
I think that I will probably make a commit later to remove all the iptables created at the end of the script.
In some cases, iptables `FORWARD` chain has `DROP` policy, and any packets from WiFi interface will never get to outgoing interface and vice versa. Adding `FORWARD` rules explicitly should fix this issue.
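
The thread raises two follow-ups: checking before adding the rules, and removing them when the script ends. The sketch below is an added example, not code from this pull request or the project; the function names, the `IPTABLES` override and the `ADDED_RULES` state file are assumptions made for illustration. It adds the two exceptions only when the `FORWARD` policy is not `ACCEPT` and the rule is not already present, and on cleanup deletes only the rules it appended itself.

```shell
#!/bin/sh
# Added illustration, not the project's script.
IPTABLES="${IPTABLES:-iptables}"   # overridable so the logic can be exercised without root
ADDED_RULES="$(mktemp)"            # records only the rules this script appended

# The two exceptions from the thread. $1 = WiFi interface, $2 = outgoing interface.
forward_specs() {
    echo "-i $2 -o $1 -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "-i $1 -o $2 -j ACCEPT"
}

# Print the FORWARD chain policy (DROP, ACCEPT, ...) as reported by `iptables -S`.
forward_policy() {
    $IPTABLES -S FORWARD | awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }'
}

add_forward_rules() {
    # Nothing to do when the chain already forwards by default.
    [ "$(forward_policy)" = "ACCEPT" ] && return 0
    forward_specs "$1" "$2" | while read -r spec; do
        # -C exits 0 when an identical rule is already in the chain.
        if ! $IPTABLES -C FORWARD $spec 2>/dev/null; then
            $IPTABLES -A FORWARD $spec && echo "$spec" >> "$ADDED_RULES"
        fi
    done
}

# Delete only what add_forward_rules appended; rules the admin had stay.
remove_forward_rules() {
    while read -r spec; do
        $IPTABLES -D FORWARD $spec
    done < "$ADDED_RULES"
    : > "$ADDED_RULES"
}

# Typical use in a hotspot script (left commented so sourcing has no side effects):
#   add_forward_rules wlan0 eth0
#   trap remove_forward_rules EXIT
```

Tracking the appended rules separately means a rule the administrator had configured before the script ran is still in place after cleanup, so the host is returned to its earlier forwarding posture rather than a more permissive or more restrictive one.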