CINXE.COM

<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <title>Dissecting an iptables Rule | exit's /dev/urandom blog</title> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="https://ascending.wordpress.com/xmlrpc.php" /> <meta name='robots' content='max-image-preview:large' /> <link rel='dns-prefetch' href='//s1.wp.com' /> <link rel='dns-prefetch' href='//s0.wp.com' /> <link rel='dns-prefetch' href='//s2.wp.com' /> <link rel='dns-prefetch' href='//af.pubmine.com' /> <link rel='dns-prefetch' href='//s.pubmine.com' /> <link rel='dns-prefetch' href='//x.bidswitch.net' /> <link rel='dns-prefetch' href='//static.criteo.net' /> <link rel='dns-prefetch' href='//ib.adnxs.com' /> <link rel='dns-prefetch' href='//aax.amazon-adsystem.com' /> <link rel='dns-prefetch' href='//bidder.criteo.com' /> <link rel='dns-prefetch' href='//cas.criteo.com' /> <link rel='dns-prefetch' href='//gum.criteo.com' /> <link rel='dns-prefetch' href='//ads.pubmatic.com' /> <link rel='dns-prefetch' href='//gads.pubmatic.com' /> <link rel='dns-prefetch' href='//tpc.googlesyndication.com' /> <link rel='dns-prefetch' href='//ad.doubleclick.net' /> <link rel='dns-prefetch' href='//googleads.g.doubleclick.net' /> <link rel='dns-prefetch' href='//www.googletagservices.com' /> <link rel='dns-prefetch' href='//cdn.switchadhub.com' /> <link rel='dns-prefetch' href='//delivery.g.switchadhub.com' /> <link rel='dns-prefetch' href='//delivery.swid.switchadhub.com' /> <link rel='dns-prefetch' href='//a.teads.tv' /> <link rel='dns-prefetch' href='//prebid.media.net' /> <link rel='dns-prefetch' href='//adserver-us.adtech.advertising.com' /> <link rel='dns-prefetch' href='//fastlane.rubiconproject.com' /> <link rel='dns-prefetch' href='//prebid-server.rubiconproject.com' /> <link rel='dns-prefetch' href='//hb-api.omnitagjs.com' /> <link rel='dns-prefetch' href='//mtrx.go.sonobi.com' /> <link rel='dns-prefetch' href='//apex.go.sonobi.com' /> <link rel='dns-prefetch' href='//u.openx.net' /> <link rel="alternate" type="application/rss+xml" title="exit's /dev/urandom blog » Feed" href="https://ascending.wordpress.com/feed/" /> <link rel="alternate" type="application/rss+xml" title="exit's /dev/urandom blog » Comments Feed" href="https://ascending.wordpress.com/comments/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ function addLoadEvent(func) { var oldonload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function () { oldonload(); func(); } } } /* ]]> */ </script> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s0.wp.com\/wp-content\/mu-plugins\/wpcom-smileys\/twemoji\/2\/72x72\/","ext":".png","svgUrl":"https:\/\/s0.wp.com\/wp-content\/mu-plugins\/wpcom-smileys\/twemoji\/2\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/s2.wp.com\/wp-includes\/js\/wp-emoji-release.min.js?m=1719498190i&ver=6.7.2-RC1-59780"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <link crossorigin='anonymous' rel='stylesheet' id='all-css-0-1' href='https://s0.wp.com/_static/??-eJyFkF0OgkAMhC/kWpAYfDGeZWHrutL9Ce1KuL1AjERN8HHa+WbSwpBUG4NgEGgoWpUoWxcYhtgbbRgsxUbTvmXewT/vsvRJ1OPwA/i82p2xKAyYp23sHCrSA8wkaUEGlpFwK+COknTbvTRwDuCjyTSxPc4ZRqXI8qW2Esl1uOYuavtkr/sOxQWrGt3DZP2cbHW5cHXByQhyQz+1pty8PzdzF38u66oui1NxrO5PWmGczw==&cssminify=yes' type='text/css' media='all' /> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-2-1' href='https://s0.wp.com/_static/??-eJydzDEOwyAMheELFQxRpExRzwIEWaQEkG1acfukXbp16Pj09P3wairUIrEItNwxFQbs1/SR8HoownMy2ugJfE95A59reKicPDkawDJy1IH5Bj9DH8WwR2nuzd2oXRRS2v5NkJNUkL/8fqx2mY0xs7XLfgIv0E++&cssminify=yes' type='text/css' media='all' /> <style id='wp-block-library-inline-css'> .has-text-align-justify { text-align:justify; } .has-text-align-justify{text-align:justify;} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-4-1' href='https://s2.wp.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpoZmFkYGRuZGmQBAHPvL0Y=&cssminify=yes' type='text/css' media='all' /> <style id='jetpack-sharing-buttons-style-inline-css'> .jetpack-sharing-buttons__services-list{display:flex;flex-direction:row;flex-wrap:wrap;gap:0;list-style-type:none;margin:5px;padding:0}.jetpack-sharing-buttons__services-list.has-small-icon-size{font-size:12px}.jetpack-sharing-buttons__services-list.has-normal-icon-size{font-size:16px}.jetpack-sharing-buttons__services-list.has-large-icon-size{font-size:24px}.jetpack-sharing-buttons__services-list.has-huge-icon-size{font-size:36px}@media print{.jetpack-sharing-buttons__services-list{display:none!important}}.editor-styles-wrapper .wp-block-jetpack-sharing-buttons{gap:0;padding-inline-start:0}ul.jetpack-sharing-buttons__services-list.has-background{padding:1.25em 2.375em} </style> <style id='classic-theme-styles-inline-css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-8-1' href='https://s2.wp.com/_static/??-eJx9jcEKg0AMRH+oaVhorR7Eb9E16IpZg8min2889FZ6GYbhPQYPgbhlo2zIBWQtU8qKcdvJd5be0AmmMfW0Ejv2jKoP/K0daZzIXNdvB6PzvyJ+A8MgO6mCJ6fCYLN/6e113IZXU9WfUL/DcgHSTkDo&cssminify=yes' type='text/css' media='all' /> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--font-family--albert-sans: 'Albert Sans', sans-serif;--wp--preset--font-family--alegreya: Alegreya, serif;--wp--preset--font-family--arvo: Arvo, serif;--wp--preset--font-family--bodoni-moda: 'Bodoni Moda', serif;--wp--preset--font-family--bricolage-grotesque: 'Bricolage Grotesque', sans-serif;--wp--preset--font-family--cabin: Cabin, sans-serif;--wp--preset--font-family--chivo: Chivo, sans-serif;--wp--preset--font-family--commissioner: Commissioner, sans-serif;--wp--preset--font-family--cormorant: Cormorant, serif;--wp--preset--font-family--courier-prime: 'Courier Prime', monospace;--wp--preset--font-family--crimson-pro: 'Crimson Pro', serif;--wp--preset--font-family--dm-mono: 'DM Mono', monospace;--wp--preset--font-family--dm-sans: 'DM Sans', sans-serif;--wp--preset--font-family--dm-serif-display: 'DM Serif Display', serif;--wp--preset--font-family--domine: Domine, serif;--wp--preset--font-family--eb-garamond: 'EB Garamond', serif;--wp--preset--font-family--epilogue: Epilogue, sans-serif;--wp--preset--font-family--fahkwang: Fahkwang, sans-serif;--wp--preset--font-family--figtree: Figtree, sans-serif;--wp--preset--font-family--fira-sans: 'Fira Sans', sans-serif;--wp--preset--font-family--fjalla-one: 'Fjalla One', sans-serif;--wp--preset--font-family--fraunces: Fraunces, serif;--wp--preset--font-family--gabarito: Gabarito, system-ui;--wp--preset--font-family--ibm-plex-mono: 'IBM Plex Mono', monospace;--wp--preset--font-family--ibm-plex-sans: 'IBM Plex Sans', sans-serif;--wp--preset--font-family--ibarra-real-nova: 'Ibarra Real Nova', serif;--wp--preset--font-family--instrument-serif: 'Instrument Serif', serif;--wp--preset--font-family--inter: Inter, sans-serif;--wp--preset--font-family--josefin-sans: 'Josefin Sans', sans-serif;--wp--preset--font-family--jost: Jost, sans-serif;--wp--preset--font-family--libre-baskerville: 'Libre Baskerville', serif;--wp--preset--font-family--libre-franklin: 'Libre Franklin', sans-serif;--wp--preset--font-family--literata: Literata, serif;--wp--preset--font-family--lora: Lora, serif;--wp--preset--font-family--merriweather: Merriweather, serif;--wp--preset--font-family--montserrat: Montserrat, sans-serif;--wp--preset--font-family--newsreader: Newsreader, serif;--wp--preset--font-family--noto-sans-mono: 'Noto Sans Mono', sans-serif;--wp--preset--font-family--nunito: Nunito, sans-serif;--wp--preset--font-family--open-sans: 'Open Sans', sans-serif;--wp--preset--font-family--overpass: Overpass, sans-serif;--wp--preset--font-family--pt-serif: 'PT Serif', serif;--wp--preset--font-family--petrona: Petrona, serif;--wp--preset--font-family--piazzolla: Piazzolla, serif;--wp--preset--font-family--playfair-display: 'Playfair Display', serif;--wp--preset--font-family--plus-jakarta-sans: 'Plus Jakarta Sans', sans-serif;--wp--preset--font-family--poppins: Poppins, sans-serif;--wp--preset--font-family--raleway: Raleway, sans-serif;--wp--preset--font-family--roboto: Roboto, sans-serif;--wp--preset--font-family--roboto-slab: 'Roboto Slab', serif;--wp--preset--font-family--rubik: Rubik, sans-serif;--wp--preset--font-family--rufina: Rufina, serif;--wp--preset--font-family--sora: Sora, sans-serif;--wp--preset--font-family--source-sans-3: 'Source Sans 3', sans-serif;--wp--preset--font-family--source-serif-4: 'Source Serif 4', serif;--wp--preset--font-family--space-mono: 'Space Mono', monospace;--wp--preset--font-family--syne: Syne, sans-serif;--wp--preset--font-family--texturina: Texturina, serif;--wp--preset--font-family--urbanist: Urbanist, sans-serif;--wp--preset--font-family--work-sans: 'Work Sans', sans-serif;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}.has-albert-sans-font-family{font-family: var(--wp--preset--font-family--albert-sans) !important;}.has-alegreya-font-family{font-family: var(--wp--preset--font-family--alegreya) !important;}.has-arvo-font-family{font-family: var(--wp--preset--font-family--arvo) !important;}.has-bodoni-moda-font-family{font-family: var(--wp--preset--font-family--bodoni-moda) !important;}.has-bricolage-grotesque-font-family{font-family: var(--wp--preset--font-family--bricolage-grotesque) !important;}.has-cabin-font-family{font-family: var(--wp--preset--font-family--cabin) !important;}.has-chivo-font-family{font-family: var(--wp--preset--font-family--chivo) !important;}.has-commissioner-font-family{font-family: var(--wp--preset--font-family--commissioner) !important;}.has-cormorant-font-family{font-family: var(--wp--preset--font-family--cormorant) !important;}.has-courier-prime-font-family{font-family: var(--wp--preset--font-family--courier-prime) !important;}.has-crimson-pro-font-family{font-family: var(--wp--preset--font-family--crimson-pro) !important;}.has-dm-mono-font-family{font-family: var(--wp--preset--font-family--dm-mono) !important;}.has-dm-sans-font-family{font-family: var(--wp--preset--font-family--dm-sans) !important;}.has-dm-serif-display-font-family{font-family: var(--wp--preset--font-family--dm-serif-display) !important;}.has-domine-font-family{font-family: var(--wp--preset--font-family--domine) !important;}.has-eb-garamond-font-family{font-family: var(--wp--preset--font-family--eb-garamond) !important;}.has-epilogue-font-family{font-family: var(--wp--preset--font-family--epilogue) !important;}.has-fahkwang-font-family{font-family: var(--wp--preset--font-family--fahkwang) !important;}.has-figtree-font-family{font-family: var(--wp--preset--font-family--figtree) !important;}.has-fira-sans-font-family{font-family: var(--wp--preset--font-family--fira-sans) !important;}.has-fjalla-one-font-family{font-family: var(--wp--preset--font-family--fjalla-one) !important;}.has-fraunces-font-family{font-family: var(--wp--preset--font-family--fraunces) !important;}.has-gabarito-font-family{font-family: var(--wp--preset--font-family--gabarito) !important;}.has-ibm-plex-mono-font-family{font-family: var(--wp--preset--font-family--ibm-plex-mono) !important;}.has-ibm-plex-sans-font-family{font-family: var(--wp--preset--font-family--ibm-plex-sans) !important;}.has-ibarra-real-nova-font-family{font-family: var(--wp--preset--font-family--ibarra-real-nova) !important;}.has-instrument-serif-font-family{font-family: var(--wp--preset--font-family--instrument-serif) !important;}.has-inter-font-family{font-family: var(--wp--preset--font-family--inter) !important;}.has-josefin-sans-font-family{font-family: var(--wp--preset--font-family--josefin-sans) !important;}.has-jost-font-family{font-family: var(--wp--preset--font-family--jost) !important;}.has-libre-baskerville-font-family{font-family: var(--wp--preset--font-family--libre-baskerville) !important;}.has-libre-franklin-font-family{font-family: var(--wp--preset--font-family--libre-franklin) !important;}.has-literata-font-family{font-family: var(--wp--preset--font-family--literata) !important;}.has-lora-font-family{font-family: var(--wp--preset--font-family--lora) !important;}.has-merriweather-font-family{font-family: var(--wp--preset--font-family--merriweather) !important;}.has-montserrat-font-family{font-family: var(--wp--preset--font-family--montserrat) !important;}.has-newsreader-font-family{font-family: var(--wp--preset--font-family--newsreader) !important;}.has-noto-sans-mono-font-family{font-family: var(--wp--preset--font-family--noto-sans-mono) !important;}.has-nunito-font-family{font-family: var(--wp--preset--font-family--nunito) !important;}.has-open-sans-font-family{font-family: var(--wp--preset--font-family--open-sans) !important;}.has-overpass-font-family{font-family: var(--wp--preset--font-family--overpass) !important;}.has-pt-serif-font-family{font-family: var(--wp--preset--font-family--pt-serif) !important;}.has-petrona-font-family{font-family: var(--wp--preset--font-family--petrona) !important;}.has-piazzolla-font-family{font-family: var(--wp--preset--font-family--piazzolla) !important;}.has-playfair-display-font-family{font-family: var(--wp--preset--font-family--playfair-display) !important;}.has-plus-jakarta-sans-font-family{font-family: var(--wp--preset--font-family--plus-jakarta-sans) !important;}.has-poppins-font-family{font-family: var(--wp--preset--font-family--poppins) !important;}.has-raleway-font-family{font-family: var(--wp--preset--font-family--raleway) !important;}.has-roboto-font-family{font-family: var(--wp--preset--font-family--roboto) !important;}.has-roboto-slab-font-family{font-family: var(--wp--preset--font-family--roboto-slab) !important;}.has-rubik-font-family{font-family: var(--wp--preset--font-family--rubik) !important;}.has-rufina-font-family{font-family: var(--wp--preset--font-family--rufina) !important;}.has-sora-font-family{font-family: var(--wp--preset--font-family--sora) !important;}.has-source-sans-3-font-family{font-family: var(--wp--preset--font-family--source-sans-3) !important;}.has-source-serif-4-font-family{font-family: var(--wp--preset--font-family--source-serif-4) !important;}.has-space-mono-font-family{font-family: var(--wp--preset--font-family--space-mono) !important;}.has-syne-font-family{font-family: var(--wp--preset--font-family--syne) !important;}.has-texturina-font-family{font-family: var(--wp--preset--font-family--texturina) !important;}.has-urbanist-font-family{font-family: var(--wp--preset--font-family--urbanist) !important;}.has-work-sans-font-family{font-family: var(--wp--preset--font-family--work-sans) !important;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-10-1' href='https://s2.wp.com/wp-content/themes/pub/contempt/style.css?m=1448660486i&cssminify=yes' type='text/css' media='all' /> <style id='akismet-widget-style-inline-css'> .a-stats { --akismet-color-mid-green: #357b49; --akismet-color-white: #fff; --akismet-color-light-grey: #f6f7f7; max-width: 350px; width: auto; } .a-stats * { all: unset; box-sizing: border-box; } .a-stats strong { font-weight: 600; } .a-stats a.a-stats__link, .a-stats a.a-stats__link:visited, .a-stats a.a-stats__link:active { background: var(--akismet-color-mid-green); border: none; box-shadow: none; border-radius: 8px; color: var(--akismet-color-white); cursor: pointer; display: block; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen-Sans', 'Ubuntu', 'Cantarell', 'Helvetica Neue', sans-serif; font-weight: 500; padding: 12px; text-align: center; text-decoration: none; transition: all 0.2s ease; } /* Extra specificity to deal with TwentyTwentyOne focus style */ .widget .a-stats a.a-stats__link:focus { background: var(--akismet-color-mid-green); color: var(--akismet-color-white); text-decoration: none; } .a-stats a.a-stats__link:hover { filter: brightness(110%); box-shadow: 0 4px 12px rgba(0, 0, 0, 0.06), 0 0 2px rgba(0, 0, 0, 0.16); } .a-stats .count { color: var(--akismet-color-white); display: block; font-size: 1.5em; line-height: 1.4; padding: 0 13px; white-space: nowrap; } </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-12-1' href='https://s1.wp.com/_static/??-eJzTLy/QTc7PK0nNK9HPLdUtyClNz8wr1i9KTcrJTwcy0/WTi5G5ekCujj52Temp+bo5+cmJJZn5eSgc3bScxMwikFb7XFtDE1NLExMLc0OTLACohS2q&cssminify=yes' type='text/css' media='all' /> <link crossorigin='anonymous' rel='stylesheet' id='print-css-13-1' href='https://s1.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035i&cssminify=yes' type='text/css' media='print' /> <style id='jetpack-global-styles-frontend-style-inline-css'> :root { --font-headings: unset; --font-base: unset; --font-headings-default: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",sans-serif; --font-base-default: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",sans-serif;} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-16-1' href='https://s0.wp.com/_static/??-eJyNjcsKQjEMBX/ImlsQry7ET5GahrbXNCmmRfx7H7gRN+7OwGEGbs2hSifpUIdrPFIRg4V6C3j5MNgQqBoHk4HlcKUYYry/Z5G0RrMV/C06FUEwxRLYsSa1L/iR9Uz1mc0bSKznwK/DsR787Kd5P/ntbnkAuNBIYA==&cssminify=yes' type='text/css' media='all' /> <script type="text/javascript" id="jetpack_related-posts-js-extra"> /* <![CDATA[ */ var related_posts_js_options = {"post_heading":"h4"}; /* ]]> */ </script> <script type="text/javascript" id="wpcom-actionbar-placeholder-js-extra"> /* <![CDATA[ */ var actionbardata = {"siteID":"641345","postID":"200","siteURL":"http:\/\/ascending.wordpress.com","xhrURL":"https:\/\/ascending.wordpress.com\/wp-admin\/admin-ajax.php","nonce":"c2c47bea42","isLoggedIn":"","statusMessage":"","subsEmailDefault":"instantly","proxyScriptUrl":"https:\/\/s0.wp.com\/wp-content\/js\/wpcom-proxy-request.js?ver=20211021","shortlink":"https:\/\/wp.me\/p2GQh-3e","i18n":{"followedText":"New posts from this site will now appear in your <a href=\"https:\/\/wordpress.com\/reader\">Reader<\/a>","foldBar":"Collapse this bar","unfoldBar":"Expand this bar","shortLinkCopied":"Shortlink copied to clipboard."}}; /* ]]> */ </script> <script type="text/javascript" id="jetpack-mu-wpcom-settings-js-before"> /* <![CDATA[ */ var JETPACK_MU_WPCOM_SETTINGS = {"assetsUrl":"https:\/\/s1.wp.com\/wp-content\/mu-plugins\/jetpack-mu-wpcom-plugin\/sun\/jetpack_vendor\/automattic\/jetpack-mu-wpcom\/src\/build\/"}; /* ]]> */ </script> <script crossorigin='anonymous' type='text/javascript' src='https://s0.wp.com/_static/??-eJx9T9EKwjAM/CGzokX3JH6KbG0pnW1ak9a5v7eyITpRCBxJLncXMSZwqHzRhsVQ61oMTQs0wWEz8Eb8I0Fwlrps3skqYjaYvwXHpGKARPE+AZk647y+CQWSL9ZhvTU5deqy9IILinPNIfrivBZkfLXVkCJn/ux+ZCGfZ+/1rvfRvlzHSLrTDMp3zPPDKiRx2z0BMCJYnahKnMJx20rZHvZSyuEB9Jl63g=='></script> <script type="text/javascript" id="rlt-proxy-js-after"> /* <![CDATA[ */ rltInitialize( {"token":null,"iframeOrigins":["https:\/\/widgets.wp.com"]} ); /* ]]> */ </script> <link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://ascending.wordpress.com/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress.com" /> <link rel="canonical" href="https://ascending.wordpress.com/2007/05/29/dissecting-an-iptables-rule/" /> <link rel='shortlink' href='https://wp.me/p2GQh-3e' /> <link rel="alternate" type="application/json+oembed" href="https://public-api.wordpress.com/oembed/?format=json&url=https%3A%2F%2Fascending.wordpress.com%2F2007%2F05%2F29%2Fdissecting-an-iptables-rule%2F&for=wpcom-auto-discovery" /><link rel="alternate" type="application/xml+oembed" href="https://public-api.wordpress.com/oembed/?format=xml&url=https%3A%2F%2Fascending.wordpress.com%2F2007%2F05%2F29%2Fdissecting-an-iptables-rule%2F&for=wpcom-auto-discovery" />  <meta property="og:type" content="article" /> <meta property="og:title" content="Dissecting an iptables Rule" /> <meta property="og:url" content="https://ascending.wordpress.com/2007/05/29/dissecting-an-iptables-rule/" /> <meta property="og:description" content="IPTables is a tool for firewall / fine-grained packet manipulation on Linux systems. After reading this great tutorial, I decided to try something more interesting (root is required): iptables -A F…" /> <meta property="article:published_time" content="2007-05-29T19:05:49+00:00" /> <meta property="article:modified_time" content="2007-05-29T19:08:28+00:00" /> <meta property="og:site_name" content="exit's /dev/urandom blog" /> <meta property="og:image" content="https://s0.wp.com/i/blank.jpg" /> <meta property="og:image:alt" content="" /> <meta property="og:locale" content="en_US" /> <meta property="fb:app_id" content="249643311490" /> <meta property="article:publisher" content="https://www.facebook.com/WordPresscom" /> <meta name="twitter:text:title" content="Dissecting an iptables Rule" /> <meta name="twitter:card" content="summary" />  <link rel="shortcut icon" type="image/x-icon" href="https://s1.wp.com/i/favicon.ico" sizes="16x16 24x24 32x32 48x48" /> <link rel="icon" type="image/x-icon" href="https://s1.wp.com/i/favicon.ico" sizes="16x16 24x24 32x32 48x48" /> <link rel="apple-touch-icon" href="https://s2.wp.com/i/webclip.png" /> <link rel='openid.server' href='https://ascending.wordpress.com/?openidserver=1' /> <link rel='openid.delegate' href='https://ascending.wordpress.com/' /> <link rel="search" type="application/opensearchdescription+xml" href="https://ascending.wordpress.com/osd.xml" title="exit's /dev/urandom blog" /> <link rel="search" type="application/opensearchdescription+xml" href="https://s1.wp.com/opensearch.xml" title="WordPress.com" /> <meta name="description" content="IPTables is a tool for firewall / fine-grained packet manipulation on Linux systems. After reading this great tutorial, I decided to try something more interesting (root is required): iptables -A FORWARD -p tcp ––syn -s 192.168.1.34 ––dport ! 80 -m connlimit ––connlimit-above 5 -j DROP Let's take this word-by-word and explain what this rule means:…" /> <style type="text/css"> #headerimg{ background: url(https://ascending.wordpress.com/wp-content/uploads/2009/01/headnin21.jpg) no-repeat; } #header h1 a, .description { color:#214f82; } </style> <script type="text/javascript"> /* <![CDATA[ */ var wa_smart = { 'network_id': 3905, 'site_id': 474853, 'page_id': 1572546, 'blog_id': 641345, 'post_id': 200, 'theme': 'pub/contempt', 'target': 'wp_blog_id=641345;language=en', '_': { 'title': 'Advertisement', 'privacy_settings': 'Privacy Settings' }, 'top': { 'enabled': false, 'format_id': 135099 }, 'inline': { 'enabled': true, 'format_id': 110354, 'max_slots': 20, 'max_blaze_slots': 20 }, 'belowpost': { 'enabled': false, 'format_id': 134071 }, 'bottom_sticky': { 'enabled': false, 'format_id': 117571 }, 'sidebar': { 'enabled': false, 'format_id': 134686 }, 'sidebar_sticky_right': { 'enabled': false, 'format_id': 135281 }, 'gutenberg_rectangle': { 'enabled': false, 'format_id': 134788 }, 'gutenberg_leaderboard': { 'enabled': false, 'format_id': 135073 }, 'gutenberg_mobile_leaderboard': { 'enabled': false, 'format_id': 135098 }, 'gutenberg_skyscraper': { 'enabled': false, 'format_id': 135088 }, 'sidebar_widget_mediumrectangle': { 'enabled': false, 'format_id': 137624 }, 'sidebar_widget_leaderboard': { 'enabled': false, 'format_id': 137625 }, 'sidebar_widget_wideskyscraper': { 'enabled': false, 'format_id': 137626 }, 'shortcode': { 'enabled': false, 'format_id': 137678 } }; wa_smart.cmd = []; /* ]]> */ </script> <script type="text/javascript"> function __ATA_CC() {var v = document.cookie.match('(^|;) ?personalized-ads-consent=([^;]*)(;|$)');return v ? 1 : 0;} var __ATA_PP = { 'pt': 1, 'ht': 0, 'tn': 'contempt', 'uloggedin': 0, 'amp': false, 'consent': __ATA_CC(), 'gdpr_applies': false, 'ad': { 'label': { 'text': 'Advertisements' }, 'reportAd': { 'text': 'Report this ad' } }, 'disabled_slot_formats': [ 'IAD' ], 'siteid': 8982, 'blogid': 641345 }; var __ATA = __ATA || {}; __ATA.cmd = __ATA.cmd || []; __ATA.criteo = __ATA.criteo || {}; __ATA.criteo.cmd = __ATA.criteo.cmd || []; </script> <script type="text/javascript"> (function(){var g=Date.now||function(){return+new Date};function h(a,b){a:{for(var c=a.length,d="string"==typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a)){b=e;break a}b=-1}return 0>b?null:"string"==typeof a?a.charAt(b):a[b]};function k(a,b,c){c=null!=c?"="+encodeURIComponent(String(c)):"";if(b+=c){c=a.indexOf("#");0>c&&(c=a.length);var d=a.indexOf("?");if(0>d||d>c){d=c;var e=""}else e=a.substring(d+1,c);a=[a.substr(0,d),e,a.substr(c)];c=a[1];a[1]=b?c?c+"&"+b:b:c;a=a[0]+(a[1]?"?"+a[1]:"")+a[2]}return a};var l=0;function m(a,b){var c=document.createElement("script");c.src=a;c.onload=function(){b&&b(void 0)};c.onerror=function(){b&&b("error")};a=document.getElementsByTagName("head");var d;a&&0!==a.length?d=a[0]:d=document.documentElement;d.appendChild(c)}function n(a){var b=void 0===b?document.cookie:b;return(b=h(b.split("; "),function(c){return-1!=c.indexOf(a+"=")}))?b.split("=")[1]:""}function p(a){return"string"==typeof a&&0<a.length} function r(a,b,c){b=void 0===b?"":b;c=void 0===c?".":c;var d=[];Object.keys(a).forEach(function(e){var f=a[e],q=typeof f;"object"==q&&null!=f||"function"==q?d.push(r(f,b+e+c)):null!==f&&void 0!==f&&(e=encodeURIComponent(b+e),d.push(e+"="+encodeURIComponent(f)))});return d.filter(p).join("&")}function t(a,b){a||((window.__ATA||{}).config=b.c,m(b.url))}var u=Math.floor(1E13*Math.random()),v=window.__ATA||{};window.__ATA=v;window.__ATA.cmd=v.cmd||[];v.rid=u;v.createdAt=g();var w=window.__ATA||{},x="s.pubmine.com"; w&&w.serverDomain&&(x=w.serverDomain);var y="//"+x+"/conf",z=window.top===window,A=window.__ATA_PP&&window.__ATA_PP.gdpr_applies,B="boolean"===typeof A?Number(A):null,C=window.__ATA_PP||null,D=z?document.referrer?document.referrer:null:null,E=z?window.location.href:document.referrer?document.referrer:null,F,G=n("__ATA_tuuid");F=G?G:null;var H=window.innerWidth+"x"+window.innerHeight,I=n("usprivacy"),J=r({gdpr:B,pp:C,rid:u,src:D,ref:E,tuuid:F,vp:H,us_privacy:I?I:null},"","."); (function(a){var b=void 0===b?"cb":b;l++;var c="callback__"+g().toString(36)+"_"+l.toString(36);a=k(a,b,c);window[c]=function(d){t(void 0,d)};m(a,function(d){d&&t(d)})})(y+"?"+J);}).call(this); </script> <script> var sas_fallback = sas_fallback || []; sas_fallback.push( { tag: "<div id="atatags-26942-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-26942-{{unique_id}}\',location: 120,formFactor: \'001\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'belowpost' }, { tag: "<div id="atatags-26942-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-26942-{{unique_id}}\',location: 310,formFactor: \'001\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'inline' }, { tag: "<div id="atatags-26942-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-26942-{{unique_id}}\',location: 140,formFactor: \'003\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'sidebar' }, { tag: "<div id="atatags-26942-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-26942-{{unique_id}}\',location: 110,formFactor: \'002\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'top' } ); </script> <script type="text/javascript"> window.doNotSellCallback = function() { var linkElements = [ 'a[href="https://wordpress.com/?ref=footer_blog"]', 'a[href="https://wordpress.com/?ref=footer_website"]', 'a[href="https://wordpress.com/?ref=vertical_footer"]', 'a[href^="https://wordpress.com/?ref=footer_segment_"]', ].join(','); var dnsLink = document.createElement( 'a' ); dnsLink.href = 'https://wordpress.com/advertising-program-optout/'; dnsLink.classList.add( 'do-not-sell-link' ); dnsLink.rel = 'nofollow'; dnsLink.style.marginLeft = '0.5em'; dnsLink.textContent = 'Do Not Sell or Share My Personal Information'; var creditLinks = document.querySelectorAll( linkElements ); if ( 0 === creditLinks.length ) { return false; } Array.prototype.forEach.call( creditLinks, function( el ) { el.insertAdjacentElement( 'afterend', dnsLink ); }); return true; }; </script> <script type="text/javascript"> window.google_analytics_uacct = "UA-52447-2"; </script> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-52447-2']); _gaq.push(['_gat._anonymizeIp']); _gaq.push(['_setDomainName', 'wordpress.com']); _gaq.push(['_initData']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(ga); })(); </script> </head> <body class="post-template-default single single-post postid-200 single-format-standard customizer-styles-applied jetpack-reblog-enabled has-marketing-bar has-marketing-bar-theme-contempt"> <div id="page"> <div id="header"> <div id="headerimg" onclick="location.href='https://ascending.wordpress.com';" style="cursor: pointer;"> <h1><a href="https://ascending.wordpress.com/">exit’s /dev/urandom blog</a></h1> <div class="description">                                             birds came flying from the underground</div> </div> </div> <ul id="pagebar" class="menu pagebar"><li ><a href="https://ascending.wordpress.com/">Home</a></li><li class="page_item page-item-2"><a href="https://ascending.wordpress.com/about/">About</a></li> <li class="page_item page-item-20"><a href="https://ascending.wordpress.com/code/">Code</a></li> <li class="page_item page-item-98"><a href="https://ascending.wordpress.com/movies/">Movies</a></li> </ul> <div id="grad" style="height: 65px; width: 100%; background: url(https://s2.wp.com/wp-content/themes/pub/contempt/images/blue_flower/topgrad.jpg);"> </div> <div id="content" class="widecolumn"> <div class="post-200 post type-post status-publish format-standard hentry category-linux category-programming category-shell category-technology" id="post-200"> <h2>Dissecting an iptables Rule</h2> <div class="entry"> <p><a href="http://en.wikipedia.org/wiki/Iptables">IPTables</a> is a tool for firewall / fine-grained packet manipulation on Linux systems. After reading <a href="http://www.justlinux.com/nhf/Security/IPtables_Basics.html">this great tutorial</a>, I decided to try something more interesting (<code>root</code> is required):</p> <blockquote><p>iptables -A FORWARD -p tcp ––syn -s 192.168.1.34 ––dport ! 80 -m connlimit ––connlimit-above 5 -j DROP</p></blockquote> <p>Let’s take this word-by-word and explain what this rule means:</p> <p><span id="more-200"></span></p> <ul> <li><code>-A</code><br /> This is the action we want to perform. It may be <code>-A</code> for append (add), <code>-D</code> for delete, <code>-L</code> for list, and some other ones I’ll let the man-page explain.</li> <li><code>FORWARD</code><br /> This is the <em>chain</em> we want to perform the action upon. What’s a chain? It’s a path packets travel inside your computer / router. There are at least two: <code>INPUT</code> for packets entering, <code>OUTPUT</code> for packets going out. The <code>FORWARD</code> chain is present if you use NAT / Port Forwarding.</li> <li><code>-p tcp</code><br /> This is the protocol we filter packets by. Most of the time, it will be <code>TCP</code>. However, there are other <a href="http://en.wikipedia.org/wiki/Internet_protocol_suite">protocols</a>, like <code>UDP</code>.</li> <li><code>––syn</code><br /> This means we want to catch packets with the <code>SYN/ACK</code> flag. In more accessible language, these packets are used to <em>initiate</em> connections. So if you may block them to secure your system!</li> <li><code>-s 192.168.1.34</code><br /> This tells <code>iptables</code> to act upon packets with the source (<code>-s</code>) or destination (<code>-d</code>) specified. For ways to specify entire blocks / ranges of addresses, see the man-page.</li> <li><code>––dport ! 80</code><br /> This instructs the program to set up this rule for packets traveling on all ports, except <code>80</code> (which is for WWW). A nice way to use <code>!</code>-s like in C, huh?</li> <li><code>-m connlimit ––connlimit-above 5</code><br /> We tell <code>iptables</code> to <em>match</em> (<code>-m</code>) packets using the <code>connlimit</code> module. Further, we use a switch particular to <code>connlimit</code>, instructing it to match all packets beyond the limit of 5 connections.</li> <li><code>-j DROP</code><br /> This tells <code>iptables</code> what to do with the packets we spent so much valuable time collecting. Amongst the possible actions are <code>ACCEPT</code> to pass the packets along and <code>DROP</code> to get rid of them silently. There are others, check the man-page.</li> </ul> <p>So what have we achieved? For all ports except <code>80</code>, we limit the number of connections to 5. Peer-to-peer network users won’t be too happy :evil: Web browsing will continue to be fast, as we don’t touch any port-80 packet. Pretty nice for a one-line command, isn’t it?</p> <p>But the fun isn’t over yet! Here’s how to list the rules:</p> <ul> <li><code>iptables -L</code><br /> The Keep-It-Simple-Stupid (minimal) version.</li> <li><code>iptables -L -v</code><br /> You also get to know how many packets / bytes has each rule matched.</li> <li><code>iptables -L -v ––line-number</code><br /> Each rule is preceded by its number (you’ll see why this matters in a moment).<br /> There’s something funny about how these long switches are implemented, because even this works:<br /> <code>iptables -L -v ––lin</code><br /> (<code>––lin</code> instead of the awkward <code>––line-number</code>)</li> </ul> <p>If you don’t specify a chain after the command, it lists the rules for all chains. Now, how to delete a rule? Simple:</p> <ul> <li><code>iptables -D FORWARD 9</code><br /> Means delete (<code>-D</code>) rule #9 on the <code>FORWARD</code> chain. See where the line-numbers come in?</li> <li><code>iptables -F INPUT</code><br /> Flush (<code>-F</code>) the <code>INPUT</code> chain. Delete all rules pertaining to it.</li> <li>(see the man-page for more)</li> </ul> <p>If this is not enough to get you up and running with IPTables, the <a href="http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=iptables">man-page</a> is always your friend. And so is <a href="http://www.google.com/search?q=iptables">Google</a> (not always, but this time it is (-; )</p> <div id="atatags-370373-67ba7c20a0669"> <script type="text/javascript"> __ATA.cmd.push(function() { __ATA.initVideoSlot('atatags-370373-67ba7c20a0669', { sectionId: '370373', format: 'inread' }); }); </script> </div><span id="wordads-inline-marker" style="display: none;"></span> <div id="atatags-26942-67ba7c20a06b1"></div> <script> __ATA.cmd.push(function() { __ATA.initDynamicSlot({ id: 'atatags-26942-67ba7c20a06b1', location: 120, formFactor: '001', label: { text: 'Advertisements', }, creative: { reportAd: { text: 'Report this ad', }, privacySettings: { text: 'Privacy', } } }); }); </script><div id="jp-post-flair" class="sharedaddy sd-like-enabled sd-sharing-enabled"><div class="sharedaddy sd-sharing-enabled"><div class="robots-nocontent sd-block sd-social sd-social-icon-text sd-sharing"><h3 class="sd-title">Share this:</h3><div class="sd-content"><ul><li class="share-facebook"><a rel="nofollow noopener noreferrer" data-shared="sharing-facebook-200" class="share-facebook sd-button share-icon" href="https://ascending.wordpress.com/2007/05/29/dissecting-an-iptables-rule/?share=facebook" target="_blank" title="Click to share on Facebook" ><span>Facebook</span></a></li><li class="share-x"><a rel="nofollow noopener noreferrer" data-shared="sharing-x-200" class="share-x sd-button share-icon" href="https://ascending.wordpress.com/2007/05/29/dissecting-an-iptables-rule/?share=x" target="_blank" title="Click to share on X" ><span>X</span></a></li><li class="share-end"></li></ul></div></div></div><div class='sharedaddy sd-block sd-like jetpack-likes-widget-wrapper jetpack-likes-widget-unloaded' id='like-post-wrapper-641345-200-67ba7c20a0bff' data-src='//widgets.wp.com/likes/index.html?ver=20250223#blog_id=641345&post_id=200&origin=ascending.wordpress.com&obj_id=641345-200-67ba7c20a0bff' data-name='like-post-frame-641345-200-67ba7c20a0bff' data-title='Like or Reblog'><div class='likes-widget-placeholder post-likes-widget-placeholder' style='height: 55px;'><span class='button'><span>Like</span></span> <span class='loading'>Loading...</span></div><span class='sd-text-color'></span><a class='sd-link-color'></a></div> <div id='jp-relatedposts' class='jp-relatedposts' > <h3 class="jp-relatedposts-headline"><em>Related</em></h3> </div></div> <p class="postmetadata alt"> <small> This entry was posted on Tuesday, May 29th, 2007 at 21:05 and is filed under <a href="https://ascending.wordpress.com/category/linux/" rel="category tag">Linux</a>, <a href="https://ascending.wordpress.com/category/programming/" rel="category tag">Programming</a>, <a href="https://ascending.wordpress.com/category/shell/" rel="category tag">Shell</a>, <a href="https://ascending.wordpress.com/category/technology/" rel="category tag">Technology</a>. You can follow any responses to this entry through the <a href='https://ascending.wordpress.com/2007/05/29/dissecting-an-iptables-rule/feed/'>RSS 2.0</a> feed. Both comments and pings are currently closed. </small> </p> <nav id="nav-below"> <h3 class="assistive-text">Post navigation</h3> <span class="nav-previous"><a href="https://ascending.wordpress.com/2007/05/29/basket-in-peril/" rel="prev">« Previous Post</a></span> <span class="nav-next"><a href="https://ascending.wordpress.com/2007/05/30/you-label-me-i-label-you/" rel="next">Next Post »</a></span> </nav> </div> </div> <div id="comments"> <p class="nocomments">Comments are closed.</p> </div> </div> <div id="sidebar"> <ul> <li id="text-324368362" class="widget widget_text"><h2 class="widgettitle">Blog Archived</h2> <div class="textwidget">I have moved to <a href="http://thirld.com/blog/">thirld.com/blog</a>.</div> </li> <li id="tag_cloud-2" class="widget widget_tag_cloud"><h2 class="widgettitle">ingredients</h2> <div style="overflow: hidden;"><a href="https://ascending.wordpress.com/category/blogging/" style="font-size: 116.23711340206%; padding: 1px; margin: 1px;" title="Blogging (25)">Blogging</a> <a href="https://ascending.wordpress.com/category/books/" style="font-size: 172.16494845361%; padding: 1px; margin: 1px;" title="Books (56)">Books</a> <a href="https://ascending.wordpress.com/category/funny/" style="font-size: 119.84536082474%; padding: 1px; margin: 1px;" title="Funny (27)">Funny</a> <a href="https://ascending.wordpress.com/category/kde/" style="font-size: 110.82474226804%; padding: 1px; margin: 1px;" title="KDE (22)">KDE</a> <a href="https://ascending.wordpress.com/category/learning/" style="font-size: 128.86597938144%; padding: 1px; margin: 1px;" title="Learning (32)">Learning</a> <a href="https://ascending.wordpress.com/category/life/" style="font-size: 204.63917525773%; padding: 1px; margin: 1px;" title="Life (74)">Life</a> <a href="https://ascending.wordpress.com/category/linux/" style="font-size: 172.16494845361%; padding: 1px; margin: 1px;" title="Linux (56)">Linux</a> <a href="https://ascending.wordpress.com/category/moldova/" style="font-size: 121.64948453608%; padding: 1px; margin: 1px;" title="Moldova (28)">Moldova</a> <a href="https://ascending.wordpress.com/category/poetry/" style="font-size: 109.0206185567%; padding: 1px; margin: 1px;" title="Poetry (21)">Poetry</a> <a href="https://ascending.wordpress.com/category/programming/" style="font-size: 148.71134020619%; padding: 1px; margin: 1px;" title="Programming (43)">Programming</a> <a href="https://ascending.wordpress.com/category/random/" style="font-size: 275%; padding: 1px; margin: 1px;" title="Random (113)">Random</a> <a href="https://ascending.wordpress.com/category/romanian/" style="font-size: 119.84536082474%; padding: 1px; margin: 1px;" title="Romanian (27)">Romanian</a> <a href="https://ascending.wordpress.com/category/shell/" style="font-size: 109.0206185567%; padding: 1px; margin: 1px;" title="Shell (21)">Shell</a> <a href="https://ascending.wordpress.com/category/technology/" style="font-size: 100%; padding: 1px; margin: 1px;" title="Technology (16)">Technology</a> <a href="https://ascending.wordpress.com/category/thoughts/" style="font-size: 244.32989690722%; padding: 1px; margin: 1px;" title="Thoughts (96)">Thoughts</a> <a href="https://ascending.wordpress.com/category/writing/" style="font-size: 145.10309278351%; padding: 1px; margin: 1px;" title="Writing (41)">Writing</a> </div></li> <li id="text-324368361" class="widget widget_text"><h2 class="widgettitle">alter egos</h2> <div class="textwidget"><ul style="margin:0;padding:0;"><li><a href="http://www.last.fm/user/exit3219/">Last.fm</a></li> <li><a href="http://www.librarything.com/catalog/ascending">LibraryThing</a></li> <li><a href="http://www.flickr.com/photos/bacovia/">Flickr</a></li> </ul></div> </li> <li id="linkcat-1356" class="widget widget_links"><h2 class="widgettitle">Blogroll</h2> <ul class='xoxo blogroll'> <li><a href="http://liquidat.wordpress.com/" title="Mostly KDE and Linux">/home/liquidat</a></li> <li><a href="http://railean.net/" title="Here be raliens">Area51</a></li> <li><a href="http://indigested.wordpress.com/" title="în “dig” este “d”">INDIGESTED</a></li> <li><a href="http://lifeinstillmode.blogspot.com/" title="photos… taken the way they are, as they are, un-manufactured, un-adulterated, un-modified, un-interrupted">Life In Still Mode</a></li> <li><a href="http://ilovemint.wordpress.com/" title="I like to shock people.">Lose Your Dreams and You Will Lose Your Mind</a></li> <li><a href="http://postsecret.blogspot.com/">PostSecret</a></li> <li><a href="http://randomvandal.wordpress.com/" title="What people take out of these images is purely in the eye of the beholder.">Random Vandal</a></li> </ul> </li> <li id="archives-2" class="widget widget_archive"><h2 class="widgettitle">archives</h2> <ul> <li><a href='https://ascending.wordpress.com/2011/08/'>August 2011</a></li> <li><a href='https://ascending.wordpress.com/2011/02/'>February 2011</a></li> <li><a href='https://ascending.wordpress.com/2010/01/'>January 2010</a></li> <li><a href='https://ascending.wordpress.com/2009/12/'>December 2009</a></li> <li><a href='https://ascending.wordpress.com/2009/09/'>September 2009</a></li> <li><a href='https://ascending.wordpress.com/2009/08/'>August 2009</a></li> <li><a href='https://ascending.wordpress.com/2009/06/'>June 2009</a></li> <li><a href='https://ascending.wordpress.com/2009/05/'>May 2009</a></li> <li><a href='https://ascending.wordpress.com/2009/03/'>March 2009</a></li> <li><a href='https://ascending.wordpress.com/2009/02/'>February 2009</a></li> <li><a href='https://ascending.wordpress.com/2009/01/'>January 2009</a></li> <li><a href='https://ascending.wordpress.com/2008/12/'>December 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/10/'>October 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/09/'>September 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/08/'>August 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/07/'>July 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/06/'>June 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/05/'>May 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/04/'>April 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/03/'>March 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/02/'>February 2008</a></li> <li><a href='https://ascending.wordpress.com/2008/01/'>January 2008</a></li> <li><a href='https://ascending.wordpress.com/2007/12/'>December 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/11/'>November 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/10/'>October 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/09/'>September 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/08/'>August 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/07/'>July 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/06/'>June 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/05/'>May 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/04/'>April 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/03/'>March 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/02/'>February 2007</a></li> <li><a href='https://ascending.wordpress.com/2007/01/'>January 2007</a></li> <li><a href='https://ascending.wordpress.com/2006/12/'>December 2006</a></li> </ul> </li> <li id="search-2" class="widget widget_search"><form method="get" id="searchform" action="https://ascending.wordpress.com/"> <div><label for="s" class="search-label">Search</label><input type="text" value="" name="s" id="s" /> <input type="submit" id="searchsubmit" value="Search" /> </div> </form></li> <li id="text-2" class="widget widget_text"><h2 class="widgettitle"> </h2> <div class="textwidget"><div style="text-align:center;"><a href='http://www.catb.org/hacker-emblem/'> <img src='https://i0.wp.com/www.catb.org/hacker-emblem/glider.png' alt='hacker emblem' /></a></div> </div> </li> <div id="atatags-286348-67ba7c20a4867"></div> <script> __ATA.cmd.push(function() { __ATA.initDynamicSlot({ id: 'atatags-286348-67ba7c20a4867', location: 140, formFactor: '003', label: { text: 'Advertisements', }, creative: { reportAd: { text: 'Report this ad', }, privacySettings: { text: 'Privacy', } } }); }); </script> </ul> </div> <div id="footer"> <p> <br /> <a href="https://wordpress.com/?ref=footer_website" rel="nofollow">Create a free website or blog at WordPress.com.</a> </p> </div> </div>  <script type="text/javascript" src="//0.gravatar.com/js/hovercards/hovercards.min.js?ver=2025087d8bf6c02970a26c6b0c26b0fcfc89796aa30f84307cffd8fd28d2bcca53dd7a" id="grofiles-cards-js"></script> <script type="text/javascript" id="wpgroho-js-extra"> /* <![CDATA[ */ var WPGroHo = {"my_hash":""}; /* ]]> */ </script> <script crossorigin='anonymous' type='text/javascript' src='https://s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i'></script> <script> // Initialize and attach hovercards to all gravatars ( function() { function init() { if ( typeof Gravatar === 'undefined' ) { return; } if ( typeof Gravatar.init !== 'function' ) { return; } Gravatar.profile_cb = function ( hash, id ) { WPGroHo.syncProfileData( hash, id ); }; Gravatar.my_hash = WPGroHo.my_hash; Gravatar.init( 'body', '#wp-admin-bar-my-account', { i18n: { 'Edit your profile →': 'Edit your profile →', 'View profile →': 'View profile →', 'Contact': 'Contact', 'Send money': 'Send money', 'Sorry, we are unable to load this Gravatar profile.': 'Sorry, we are unable to load this Gravatar profile.', 'Profile not found.': 'Profile not found.', 'Too Many Requests.': 'Too Many Requests.', 'Internal Server Error.': 'Internal Server Error.', }, } ); } if ( document.readyState !== 'loading' ) { init(); } else { document.addEventListener( 'DOMContentLoaded', init ); } } )(); </script> <div style="display:none"> </div> <script type="text/javascript"> ( function() { function init() { document.body.addEventListener( 'is.post-load', function() { if ( typeof __ATA.insertInlineAds === 'function' ) { __ATA.insertInlineAds(); } } ); } if ( document.readyState !== 'loading' ) { init(); } else { document.addEventListener( 'DOMContentLoaded', init ); } } )(); </script>  <script type="text/javascript"> ( function () { var setupPrivacy = function() { // Minimal Mozilla Cookie library // https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie/Simple_document.cookie_framework var cookieLib = window.cookieLib = {getItem:function(e){return e&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(e).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null},setItem:function(e,o,n,t,r,i){if(!e||/^(?:expires|max\-age|path|domain|secure)$/i.test(e))return!1;var c="";if(n)switch(n.constructor){case Number:c=n===1/0?"; expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+n;break;case String:c="; expires="+n;break;case Date:c="; expires="+n.toUTCString()}return"rootDomain"!==r&&".rootDomain"!==r||(r=(".rootDomain"===r?".":"")+document.location.hostname.split(".").slice(-2).join(".")),document.cookie=encodeURIComponent(e)+"="+encodeURIComponent(o)+c+(r?"; domain="+r:"")+(t?"; path="+t:"")+(i?"; secure":""),!0}}; // Implement IAB USP API. window.__uspapi = function( command, version, callback ) { // Validate callback. if ( typeof callback !== 'function' ) { return; } // Validate the given command. if ( command !== 'getUSPData' || version !== 1 ) { callback( null, false ); return; } // Check for GPC. If set, override any stored cookie. if ( navigator.globalPrivacyControl ) { callback( { version: 1, uspString: '1YYN' }, true ); return; } // Check for cookie. var consent = cookieLib.getItem( 'usprivacy' ); // Invalid cookie. if ( null === consent ) { callback( null, false ); return; } // Everything checks out. Fire the provided callback with the consent data. callback( { version: 1, uspString: consent }, true ); }; // Initialization. document.addEventListener( 'DOMContentLoaded', function() { // Internal functions. var setDefaultOptInCookie = function() { var value = '1YNN'; var domain = '.wordpress.com' === location.hostname.slice( -14 ) ? '.rootDomain' : location.hostname; cookieLib.setItem( 'usprivacy', value, 365 * 24 * 60 * 60, '/', domain ); }; var setDefaultOptOutCookie = function() { var value = '1YYN'; var domain = '.wordpress.com' === location.hostname.slice( -14 ) ? '.rootDomain' : location.hostname; cookieLib.setItem( 'usprivacy', value, 24 * 60 * 60, '/', domain ); }; var setDefaultNotApplicableCookie = function() { var value = '1---'; var domain = '.wordpress.com' === location.hostname.slice( -14 ) ? '.rootDomain' : location.hostname; cookieLib.setItem( 'usprivacy', value, 24 * 60 * 60, '/', domain ); }; var setCcpaAppliesCookie = function( applies ) { var domain = '.wordpress.com' === location.hostname.slice( -14 ) ? '.rootDomain' : location.hostname; cookieLib.setItem( 'ccpa_applies', applies, 24 * 60 * 60, '/', domain ); } var maybeCallDoNotSellCallback = function() { if ( 'function' === typeof window.doNotSellCallback ) { return window.doNotSellCallback(); } return false; } // Look for usprivacy cookie first. var usprivacyCookie = cookieLib.getItem( 'usprivacy' ); // Found a usprivacy cookie. if ( null !== usprivacyCookie ) { // If the cookie indicates that CCPA does not apply, then bail. if ( '1---' === usprivacyCookie ) { return; } // CCPA applies, so call our callback to add Do Not Sell link to the page. maybeCallDoNotSellCallback(); // We're all done, no more processing needed. return; } // We don't have a usprivacy cookie, so check to see if we have a CCPA applies cookie. var ccpaCookie = cookieLib.getItem( 'ccpa_applies' ); // No CCPA applies cookie found, so we'll need to geolocate if this visitor is from California. // This needs to happen client side because we do not have region geo data in our $SERVER headers, // only country data -- therefore we can't vary cache on the region. if ( null === ccpaCookie ) { var request = new XMLHttpRequest(); request.open( 'GET', 'https://public-api.wordpress.com/geo/', true ); request.onreadystatechange = function () { if ( 4 === this.readyState ) { if ( 200 === this.status ) { // Got a geo response. Parse out the region data. var data = JSON.parse( this.response ); var region = data.region ? data.region.toLowerCase() : ''; var ccpa_applies = ['california', 'colorado', 'connecticut', 'delaware', 'indiana', 'iowa', 'montana', 'new jersey', 'oregon', 'tennessee', 'texas', 'utah', 'virginia'].indexOf( region ) > -1; // Set CCPA applies cookie. This keeps us from having to make a geo request too frequently. setCcpaAppliesCookie( ccpa_applies ); // Check if CCPA applies to set the proper usprivacy cookie. if ( ccpa_applies ) { if ( maybeCallDoNotSellCallback() ) { // Do Not Sell link added, so set default opt-in. setDefaultOptInCookie(); } else { // Failed showing Do Not Sell link as required, so default to opt-OUT just to be safe. setDefaultOptOutCookie(); } } else { // CCPA does not apply. setDefaultNotApplicableCookie(); } } else { // Could not geo, so let's assume for now that CCPA applies to be safe. setCcpaAppliesCookie( true ); if ( maybeCallDoNotSellCallback() ) { // Do Not Sell link added, so set default opt-in. setDefaultOptInCookie(); } else { // Failed showing Do Not Sell link as required, so default to opt-OUT just to be safe. setDefaultOptOutCookie(); } } } }; // Send the geo request. request.send(); } else { // We found a CCPA applies cookie. if ( ccpaCookie === 'true' ) { if ( maybeCallDoNotSellCallback() ) { // Do Not Sell link added, so set default opt-in. setDefaultOptInCookie(); } else { // Failed showing Do Not Sell link as required, so default to opt-OUT just to be safe. setDefaultOptOutCookie(); } } else { // CCPA does not apply. setDefaultNotApplicableCookie(); } } } ); }; // Kickoff initialization. if ( window.defQueue && defQueue.isLOHP && defQueue.isLOHP === 2020 ) { defQueue.items.push( setupPrivacy ); } else { setupPrivacy(); } } )(); </script>  <div class="widget widget_eu_cookie_law_widget"> <div class="hide-on-button ads-active" data-hide-timeout="30" data-consent-expiration="180" id="eu-cookie-law" style="display: none" > <form method="post"> <input type="submit" value="Close and accept" class="accept" /> Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use. <br /> To find out more, including how to control cookies, see here: <a href="https://automattic.com/cookies/" rel="nofollow"> Cookie Policy </a> </form> </div> </div> <div id="actionbar" dir="ltr" style="display: none;" class="actnbr-pub-contempt actnbr-has-follow actnbr-has-actions"> <ul> <li class="actnbr-btn actnbr-hidden"> <a class="actnbr-action actnbr-actn-reblog" href=""> <svg class="gridicon gridicons-reblog" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><g><path d="M22.086 9.914L20 7.828V18c0 1.105-.895 2-2 2h-7v-2h7V7.828l-2.086 2.086L14.5 8.5 19 4l4.5 4.5-1.414 1.414zM6 16.172V6h7V4H6c-1.105 0-2 .895-2 2v10.172l-2.086-2.086L.5 15.5 5 20l4.5-4.5-1.414-1.414L6 16.172z"/></g></svg><span>Reblog</span> </a> </li> <li class="actnbr-btn actnbr-hidden"> <a class="actnbr-action actnbr-actn-follow " href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path clip-rule="evenodd" d="m4 4.5h12v6.5h1.5v-6.5-1.5h-1.5-12-1.5v1.5 10.5c0 1.1046.89543 2 2 2h7v-1.5h-7c-.27614 0-.5-.2239-.5-.5zm10.5 2h-9v1.5h9zm-5 3h-4v1.5h4zm3.5 1.5h-1v1h1zm-1-1.5h-1.5v1.5 1 1.5h1.5 1 1.5v-1.5-1-1.5h-1.5zm-2.5 2.5h-4v1.5h4zm6.5 1.25h1.5v2.25h2.25v1.5h-2.25v2.25h-1.5v-2.25h-2.25v-1.5h2.25z" fill-rule="evenodd"></path></svg> <span>Subscribe</span> </a> <a class="actnbr-action actnbr-actn-following no-display" href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path fill-rule="evenodd" clip-rule="evenodd" d="M16 4.5H4V15C4 15.2761 4.22386 15.5 4.5 15.5H11.5V17H4.5C3.39543 17 2.5 16.1046 2.5 15V4.5V3H4H16H17.5V4.5V12.5H16V4.5ZM5.5 6.5H14.5V8H5.5V6.5ZM5.5 9.5H9.5V11H5.5V9.5ZM12 11H13V12H12V11ZM10.5 9.5H12H13H14.5V11V12V13.5H13H12H10.5V12V11V9.5ZM5.5 12H9.5V13.5H5.5V12Z" fill="#008A20"></path><path class="following-icon-tick" d="M13.5 16L15.5 18L19 14.5" stroke="#008A20" stroke-width="1.5"></path></svg> <span>Subscribed</span> </a> <div class="actnbr-popover tip tip-top-left actnbr-notice" id="follow-bubble"> <div class="tip-arrow"></div> <div class="tip-inner actnbr-follow-bubble"> <ul> <li class="actnbr-sitename"> <a href="https://ascending.wordpress.com"> <img loading='lazy' alt='' src='https://s2.wp.com/i/logo/wpcom-gray-white.png' srcset='https://s2.wp.com/i/logo/wpcom-gray-white.png 1x' class='avatar avatar-50' height='50' width='50' /> exit's /dev/urandom blog </a> </li> <div class="actnbr-message no-display"></div> <form method="post" action="https://subscribe.wordpress.com" accept-charset="utf-8" style="display: none;"> <div class="actnbr-follow-count">Join 28 other subscribers</div> <div> <input type="email" name="email" placeholder="Enter your email address" class="actnbr-email-field" aria-label="Enter your email address" /> </div> <input type="hidden" name="action" value="subscribe" /> <input type="hidden" name="blog_id" value="641345" /> <input type="hidden" name="source" value="https://ascending.wordpress.com/2007/05/29/dissecting-an-iptables-rule/" /> <input type="hidden" name="sub-type" value="actionbar-follow" /> <input type="hidden" id="_wpnonce" name="_wpnonce" value="0b10040c9b" /> <div class="actnbr-button-wrap"> <button type="submit" value="Sign me up"> Sign me up </button> </div> </form> <li class="actnbr-login-nudge"> <div> Already have a WordPress.com account? <a href="https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fascending.wordpress.com%2F2007%2F05%2F29%2Fdissecting-an-iptables-rule%2F&signup_flow=account">Log in now.</a> </div> </li> </ul> </div> </div> </li> <li class="actnbr-ellipsis actnbr-hidden"> <svg class="gridicon gridicons-ellipsis" height="24" width="24" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><g><path d="M7 12c0 1.104-.896 2-2 2s-2-.896-2-2 .896-2 2-2 2 .896 2 2zm12-2c-1.104 0-2 .896-2 2s.896 2 2 2 2-.896 2-2-.896-2-2-2zm-7 0c-1.104 0-2 .896-2 2s.896 2 2 2 2-.896 2-2-.896-2-2-2z"/></g></svg> <div class="actnbr-popover tip tip-top-left actnbr-more"> <div class="tip-arrow"></div> <div class="tip-inner"> <ul> <li class="actnbr-sitename"> <a href="https://ascending.wordpress.com"> <img loading='lazy' alt='' src='https://s2.wp.com/i/logo/wpcom-gray-white.png' srcset='https://s2.wp.com/i/logo/wpcom-gray-white.png 1x' class='avatar avatar-50' height='50' width='50' /> exit's /dev/urandom blog </a> </li> <li class="actnbr-folded-follow"> <a class="actnbr-action actnbr-actn-follow " href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path clip-rule="evenodd" d="m4 4.5h12v6.5h1.5v-6.5-1.5h-1.5-12-1.5v1.5 10.5c0 1.1046.89543 2 2 2h7v-1.5h-7c-.27614 0-.5-.2239-.5-.5zm10.5 2h-9v1.5h9zm-5 3h-4v1.5h4zm3.5 1.5h-1v1h1zm-1-1.5h-1.5v1.5 1 1.5h1.5 1 1.5v-1.5-1-1.5h-1.5zm-2.5 2.5h-4v1.5h4zm6.5 1.25h1.5v2.25h2.25v1.5h-2.25v2.25h-1.5v-2.25h-2.25v-1.5h2.25z" fill-rule="evenodd"></path></svg> <span>Subscribe</span> </a> <a class="actnbr-action actnbr-actn-following no-display" href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path fill-rule="evenodd" clip-rule="evenodd" d="M16 4.5H4V15C4 15.2761 4.22386 15.5 4.5 15.5H11.5V17H4.5C3.39543 17 2.5 16.1046 2.5 15V4.5V3H4H16H17.5V4.5V12.5H16V4.5ZM5.5 6.5H14.5V8H5.5V6.5ZM5.5 9.5H9.5V11H5.5V9.5ZM12 11H13V12H12V11ZM10.5 9.5H12H13H14.5V11V12V13.5H13H12H10.5V12V11V9.5ZM5.5 12H9.5V13.5H5.5V12Z" fill="#008A20"></path><path class="following-icon-tick" d="M13.5 16L15.5 18L19 14.5" stroke="#008A20" stroke-width="1.5"></path></svg> <span>Subscribed</span> </a> </li> <li class="actnbr-signup"><a href="https://wordpress.com/start/">Sign up</a></li> <li class="actnbr-login"><a href="https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fascending.wordpress.com%2F2007%2F05%2F29%2Fdissecting-an-iptables-rule%2F&signup_flow=account">Log in</a></li> <li class="actnbr-shortlink"> <a href="https://wp.me/p2GQh-3e"> <span class="actnbr-shortlink__text">Copy shortlink</span> <span class="actnbr-shortlink__icon"><svg class="gridicon gridicons-checkmark" height="16" width="16" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><g><path d="M9 19.414l-6.707-6.707 1.414-1.414L9 16.586 20.293 5.293l1.414 1.414"/></g></svg></span> </a> </li> <li class="flb-report"> <a href="https://wordpress.com/abuse/?report_url=https://ascending.wordpress.com/2007/05/29/dissecting-an-iptables-rule/" target="_blank" rel="noopener noreferrer"> Report this content </a> </li> <li class="actnbr-reader"> <a href="https://wordpress.com/reader/blogs/641345/posts/200"> View post in Reader </a> </li> <li class="actnbr-subs"> <a href="https://subscribe.wordpress.com/">Manage subscriptions</a> </li> <li class="actnbr-fold"><a href="">Collapse this bar</a></li> </ul> </div> </div> </li> </ul> </div> <script> window.addEventListener( "load", function( event ) { var link = document.createElement( "link" ); link.href = "https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20250116"; link.type = "text/css"; link.rel = "stylesheet"; document.head.appendChild( link ); var script = document.createElement( "script" ); script.src = "https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20250204"; script.defer = true; document.body.appendChild( script ); } ); </script> <script type="text/javascript"> window.WPCOM_sharing_counts = {"https:\/\/ascending.wordpress.com\/2007\/05\/29\/dissecting-an-iptables-rule\/":200}; </script> <script type="text/javascript" src="https://s1.wp.com/wp-content/js/mobile-useragent-info.js?m=1609849039i&ver=20241018" id="mobile-useragent-info-js" defer="defer" data-wp-strategy="defer"></script> <script type="text/javascript" id="sharing-js-js-extra"> /* <![CDATA[ */ var sharing_js_options = {"lang":"en","counts":"1","is_stats_active":"1"}; /* ]]> */ </script> <script type="text/javascript" id="custom-content-types-data-js-before"> /* <![CDATA[ */ var CUSTOM_CONTENT_TYPE__INITIAL_STATE; typeof CUSTOM_CONTENT_TYPE__INITIAL_STATE === "object" || (CUSTOM_CONTENT_TYPE__INITIAL_STATE = JSON.parse(decodeURIComponent("%7B%22active%22%3Atrue%2C%22over_ride%22%3Afalse%2C%22should_show_testimonials%22%3Atrue%2C%22should_show_portfolios%22%3Atrue%7D"))); /* ]]> */ </script> <script crossorigin='anonymous' type='text/javascript' src='https://s2.wp.com/_static/??-eJx9T0sKwjAQvZDpEErpSjyKpMmQTjr52Eko3t4gguKiu/eHB0dRNqeKqcLC2avCzVMSOPLujBNl2YigQOiSqTwEucBPJ7Zvg5zHKoCtu3kjVGwOqBgLm4p/+skO09bTj4YNV5Mc434SDliLsduHg7QEd0oWlkbsQFazY7/hnm9IyQ+RUp+7xauex3maRq11eAGJq2D+'></script> <script type="text/javascript" id="sharing-js-js-after"> /* <![CDATA[ */ var windowOpen; ( function () { function matches( el, sel ) { return !! ( el.matches && el.matches( sel ) || el.msMatchesSelector && el.msMatchesSelector( sel ) ); } document.body.addEventListener( 'click', function ( event ) { if ( ! event.target ) { return; } var el; if ( matches( event.target, 'a.share-facebook' ) ) { el = event.target; } else if ( event.target.parentNode && matches( event.target.parentNode, 'a.share-facebook' ) ) { el = event.target.parentNode; } if ( el ) { event.preventDefault(); // If there's another sharing window open, close it. if ( typeof windowOpen !== 'undefined' ) { windowOpen.close(); } windowOpen = window.open( el.getAttribute( 'href' ), 'wpcomfacebook', 'menubar=1,resizable=1,width=600,height=400' ); return false; } } ); } )(); var windowOpen; ( function () { function matches( el, sel ) { return !! ( el.matches && el.matches( sel ) || el.msMatchesSelector && el.msMatchesSelector( sel ) ); } document.body.addEventListener( 'click', function ( event ) { if ( ! event.target ) { return; } var el; if ( matches( event.target, 'a.share-x' ) ) { el = event.target; } else if ( event.target.parentNode && matches( event.target.parentNode, 'a.share-x' ) ) { el = event.target.parentNode; } if ( el ) { event.preventDefault(); // If there's another sharing window open, close it. if ( typeof windowOpen !== 'undefined' ) { windowOpen.close(); } windowOpen = window.open( el.getAttribute( 'href' ), 'wpcomx', 'menubar=1,resizable=1,width=600,height=350' ); return false; } } ); } )(); /* ]]> */ </script> <script type="text/javascript"> (function () { var wpcom_reblog = { source: 'toolbar', toggle_reblog_box_flair: function (obj_id, post_id) { // Go to site selector. This will redirect to their blog if they only have one. const postEndpoint = `https://wordpress.com/post`; // Ideally we would use the permalink here, but fortunately this will be replaced with the // post permalink in the editor. const originalURL = `${ document.location.href }?page_id=${ post_id }`; const url = postEndpoint + '?url=' + encodeURIComponent( originalURL ) + '&is_post_share=true' + '&v=5'; const redirect = function () { if ( ! window.open( url, '_blank' ) ) { location.href = url; } }; if ( /Firefox/.test( navigator.userAgent ) ) { setTimeout( redirect, 0 ); } else { redirect(); } }, }; window.wpcom_reblog = wpcom_reblog; })(); </script> <iframe src='https://widgets.wp.com/likes/master.html?ver=20250223#ver=20250223&origin=https://ascending.wordpress.com' scrolling='no' id='likes-master' name='likes-master' style='display:none;'></iframe> <div id='likes-other-gravatars' class='wpl-new-layout' role="dialog" aria-hidden="true" tabindex="-1"> <div class="likes-text"> <span>%d</span> </div> <ul class="wpl-avatars sd-like-gravatars"></ul> </div> <script src="//stats.wp.com/w.js?68" defer></script> <script type="text/javascript"> _tkq = window._tkq || []; _stq = window._stq || []; _tkq.push(['storeContext', {'blog_id':'641345','blog_tz':'-5','user_lang':'en','blog_lang':'en','user_id':'0'}]); _stq.push(['view', {'blog':'641345','v':'wpcom','tz':'-5','user_id':'0','post':'200','subd':'ascending'}]); _stq.push(['extra', {'crypt':'UE5XaGUuOTlwaD85flAmcm1mcmZsaDhkV11YdWFnNncxc1tjZG9XVXhRZmhSYUFEMXVJdlp1Q2dGaT0lXXxFb1RyWzM3ZWV0ZjI4SmVUVlVdWWNTSi5sUmxLZmpQK09bRz1aTHYvLU8uc3xRNmRFd210bV0/Nnl0QnRpTWwwN3BJaTNNVXxsfnAmM3gteFt6JSVQbW5dVzdZbFdUSXwxSXI0LUdSWVYubU9lVz1iK3xfaHZDeG9LW0VCbXVzcThPLiw3R2ZEcTRIbWJzXWU5YUssMGZjTzRjdkxGUCYmWWpXQUktJWwwW3ZraWdvJkI5MXw0M2V8TXVCLUUmS1Ewc1pFYTM2eVomJnQ/JWFBbVZjV2pbOHJdRlNGK1RUMW1QRzJ8eFRfaFdkQ0NEaGxTOC1TdHAralRRaTY2c218b19WJVtyOHFiS0wzbixEVDA='}]); _stq.push([ 'clickTrackerInit', '641345', '200' ]); </script> <noscript><img src="https://pixel.wp.com/b.gif?v=noscript" style="height:1px;width:1px;overflow:hidden;position:absolute;bottom:1px;" alt="" /></noscript> <script defer id="bilmur" data-customproperties="{"enq_jquery":"1","logged_in":"0","wptheme":"pub\/contempt","wptheme_is_block":"0"}" data-provider="wordpress.com" data-service="simple" data-site-tz="Etc/GMT+5" src="/wp-content/js/bilmur-4.min.js?i=12&m=202508"></script><div id="marketingbar" class="marketing-bar noskim "><div class="marketing-bar-text">Design a site like this with WordPress.com</div><a class="marketing-bar-button" href="https://wordpress.com/start/?ref=marketing_bar">Get started</a><a class="marketing-bar-link" tabindex="-1" aria-label="Create your website at WordPress.com" href="https://wordpress.com/start/?ref=marketing_bar"></a></div> <script type="text/javascript"> window._tkq = window._tkq || []; window._tkq.push( [ 'recordEvent', 'wpcom_marketing_bar_impression', {"is_current_user_blog_owner":false} ] ); document.querySelectorAll( '#marketingbar > a' ).forEach( link => { link.addEventListener( 'click', ( e ) => { window._tkq.push( [ 'recordEvent', 'wpcom_marketing_bar_cta_click', {"is_current_user_blog_owner":false} ] ); } ); }); </script><script> ( function() { function getMobileUserAgentInfo() { if ( typeof wpcom_mobile_user_agent_info === 'object' ) { wpcom_mobile_user_agent_info.init(); var mobileStatsQueryString = ''; if ( wpcom_mobile_user_agent_info.matchedPlatformName !== false ) { mobileStatsQueryString += '&x_' + 'mobile_platforms' + '=' + wpcom_mobile_user_agent_info.matchedPlatformName; } if ( wpcom_mobile_user_agent_info.matchedUserAgentName !== false ) { mobileStatsQueryString += '&x_' + 'mobile_devices' + '=' + wpcom_mobile_user_agent_info.matchedUserAgentName; } if ( wpcom_mobile_user_agent_info.isIPad() ) { mobileStatsQueryString += '&x_' + 'ipad_views' + '=' + 'views'; } if ( mobileStatsQueryString != '' ) { new Image().src = document.location.protocol + '//pixel.wp.com/g.gif?v=wpcom-no-pv' + mobileStatsQueryString + '&baba=' + Math.random(); } } } document.addEventListener( 'DOMContentLoaded', getMobileUserAgentInfo ); } )(); </script> </body> </html>