In iptables, what's the difference between these two rules?

What's the difference between these two, or are they essentially the same thing?

iptables -t filter -A FORWARD -s $EXTERNALNET -d $INTERNALNET -p tcp --dport 22 -j ACCEPT
iptables -t filter -A FORWARD -s $INTERNALNET -d $EXTERNALNET -p tcp --sport 22 -j ACCEPT

The first rule accepts traffic being forwarded from $EXTERNALNET to $INTERNALNET with destination port 22/tcp.

The second rule accepts traffic being forwarded from $INTERNALNET to $EXTERNALNET with source port 22/tcp.

In a proper configuration of a stateful firewall like iptables, there should be no need for rules to allow traffic based on source port, since both directions of validly established TCP streams are allowed. Doing otherwise can lead to security holes: in this case, allowing all outbound traffic so long as it has a source port of 22/tcp.

With a non-stateful configuration, the example given is probably about the best that can be accomplished.
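The stateful alternative the answer above describes, as an added example that is not part of either answer: the inbound --dport 22 rule is kept, the --sport 22 rule is replaced by a single ESTABLISHED,RELATED rule that covers the return half of every accepted connection, so nothing leaves $INTERNALNET merely because it carries source port 22. The subnet values, the DRY_RUN switch and the helper names are assumptions made for this example; by default the script prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original answers): the question's FORWARD policy
# rewritten for a stateful iptables configuration.
EXTERNALNET="${EXTERNALNET:-203.0.113.0/24}"   # constructed placeholder range
INTERNALNET="${INTERNALNET:-192.168.10.0/24}"  # constructed placeholder range
IPT="${IPT:-iptables}"

# DRY_RUN=1 (default) prints each iptables invocation; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

stateful_forward_rules() {
    # Return traffic of connections already accepted in either direction.
    # This one rule replaces the --sport 22 rule from the question.
    ipt -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets that belong to no tracked connection are dropped.
    ipt -t filter -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # Only the opening packet of a new inbound SSH session creates a flow.
    ipt -t filter -A FORWARD -s "$EXTERNALNET" -d "$INTERNALNET" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Exit status 0 when the generated rule set contains no source-port match,
# i.e. no rule that would let arbitrary traffic out on the strength of sport 22.
no_sport_accepts() {
    ! DRY_RUN=1 stateful_forward_rules | grep -q -- '--sport'
}

# Number of rules the policy emits.
count_rules() {
    DRY_RUN=1 stateful_forward_rules | wc -l | tr -d ' '
}

stateful_forward_rules
```

Run it as-is to review the three commands it would issue; run with DRY_RUN=0 as root to append them to the FORWARD chain of an otherwise default-DROP policy.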


-s is source, and -d is destination, so these rules are in relation to traffic flowing in either direction.

The $INTERNALNET & $EXTERNALNET are variables, likely of a subnet or network range. I'm assuming this is from a bash script you got somewhere?