should there be 2 of everything in iptables?

Question

should there be 2 of everything in iptables?

Closed this issue a year ago · 2 comments

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  192.168.68.0/24      anywhere             /* nordvpn */
ACCEPT     all  --  192.168.68.0/24      anywhere             /* nordvpn */
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.68.0/24      /* nordvpn */
ACCEPT     all  --  anywhere             192.168.68.0/24      /* nordvpn */
CONNMARK   all  --  anywhere             anywhere             mark match 0xe1f1 /* nordvpn */ CONNMARK save
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
CONNMARK   all  --  anywhere             anywhere             mark match 0xe1f1 /* nordvpn */ CONNMARK save
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */

Answer 1 · 2023-07-11T07:54:52.000Z

Hello,
We are using firewall input and output chains to control both - incoming and outgoing traffic.
Is that approach causing some troubles to you?

Answer 2 · 2023-07-26T10:02:18.000Z

Closing the issue as question was answered and no follow-up questions were asked.