Difference between protocol "tcp" and "all"

18 years 5 months ago #14210 by Nimmy
Dear Friends,

While writing firewall rule in iptables we can use the protocol value

tcp
udp
icmp
all

Can anyone explain to me:

(1). If we allow one firewall forward rule for the "tcp" protocol, for example

iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j ACCEPT -p tcp -d 0/0 --dport 80 -s 0/0 --sport 1:65535

and then the second rule for "ip" protocol

iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j DROP -p all -d 0/0 -s 0/0

If we execute these two rules, I am able to browse.

I want to know what is the difference between these "tcp" and "all" and others.

How does "all" differ from the other protocols "tcp", "udp" and "icmp"?

Thank You.

With Regards,
Nimmy

Nirmal Babu
Chennai
18 years 5 months ago #14212 by TheBishop
Replied by TheBishop on topic Protocols
'all' allows you to create a rule that applies to any protocol, for example one that just restricts by IP address. If you want to be more granular then you can actually define the protocol that a rule will apply to, for example 'tcp'
18 years 5 months ago #14215 by d_jabsd
In addition to TheBishop's reply, 'all' includes protocols that may not be covered by 'ip' like 'esp', 'ah', 'gre', etc.
18 years 5 months ago #14217 by Nimmy
Hi,

Thank you very much.

Let me explain my problem,

First I have created one forward rule which allows the tcp traffic to the external network on port 80

iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j ACCEPT -p tcp -d 0/0 --dport 80 -s 0/0 --sport 1:65535

Next I have executed one forward rule which blocks the ip traffic to the external network on port 80

iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j DROP -p all -d 0/0 -s 0/0

The source IP and destination IP ranges of both the above rules are the same; only the action is different.

Here the "all" protocol means all protocols, which includes 'tcp', 'udp', 'icmp', etc.

In this situation, is the traffic to the external network allowed or blocked after the two firewall rules are executed?

Sorry if I am wrong.

Thanks and Regards,
Nimmy

Nirmal Babu
Chennai
18 years 5 months ago #14219 by DaLight
Iptables processes the rules in turn and when a match is attained, it performs the specified instruction. Thus the second rule you've written
iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j DROP -p all -d 0/0 -s 0/0
will only be reached for all non-tcp traffic or for tcp traffic heading for ports other than 80.

Some additional comments on your rules syntax:

You do not need to specify "-s 0/0" or "-d 0/0" as these are implied by default. i.e. only specify them when you want to restrict to a particular IP range.
Likewise, "--sport 1:65535" is also redundant unless you want to restrict to a particular port number.
And come to think of it, "-p all" is also redundant as this is assumed unless of course you wish to specify a particular protocol. Of course, if you want to leave these options in to improve the readability of the rules, it's your choice.

Finally, to answer your initial query, you should be able to browse (on port 80) at least with the rules you specified.
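The first-match behaviour DaLight describes can be checked without touching a live firewall. The following is an added example, not code from the thread or from the iptables project: it is a small simulator of a FORWARD chain that walks the rules in order and returns the target of the first match, using the two rules from this thread (constructed packets; the chain policy, which the thread never states, is assumed to be ACCEPT for illustration). It also shows two points raised above: 'all' catches protocols such as gre that have no port at all, and the verdict flips if the two rules are swapped.

```python
"""First-match simulator for the two FORWARD rules discussed in this thread.

Added example; the rule-matching logic here is a simplified model of how
iptables walks a chain, not the netfilter implementation itself.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """A constructed packet: only the fields the two rules look at."""
    proto: str                 # "tcp", "udp", "icmp", "gre", ...
    dport: Optional[int]       # None for protocols without ports
    state: str                 # conntrack state: "NEW", "ESTABLISHED", ...
    in_if: str = "eth0"
    out_if: str = "ppp0"


@dataclass(frozen=True)
class Rule:
    """One chain entry. proto='all' (the default) matches every protocol."""
    target: str                # ACCEPT or DROP
    proto: str = "all"
    dport: Optional[int] = None
    state: Optional[str] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        # Every specified match must hold; unspecified matches are wildcards,
        # which is why "-s 0/0", "-d 0/0" and "-p all" can be omitted.
        if self.in_if is not None and pkt.in_if != self.in_if:
            return False
        if self.out_if is not None and pkt.out_if != self.out_if:
            return False
        if self.proto != "all" and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.state is not None and pkt.state != self.state:
            return False
        return True


# The thread's two rules, in the order Nimmy appended them (-A).
FORWARD: List[Rule] = [
    # iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j ACCEPT -p tcp --dport 80
    Rule("ACCEPT", proto="tcp", dport=80, state="NEW", in_if="eth0", out_if="ppp0"),
    # iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j DROP -p all
    Rule("DROP", proto="all", state="NEW", in_if="eth0", out_if="ppp0"),
]


def verdict(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> Tuple[str, int]:
    """Return (target, 1-based rule number) of the first matching rule.

    If no rule matches, the chain policy applies and the rule number is 0.
    The policy value is an assumption for this example; the thread does not
    state it.
    """
    for number, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.target, number
    return policy, 0


if __name__ == "__main__":
    samples = [
        Packet("tcp", 80, "NEW"),          # web browsing: hits rule 1
        Packet("tcp", 443, "NEW"),         # https: falls through to rule 2
        Packet("udp", 53, "NEW"),          # DNS: rule 2 ('all' covers udp)
        Packet("gre", None, "NEW"),        # no port at all: still rule 2
        Packet("tcp", 80, "ESTABLISHED"),  # neither rule matches (state NEW only)
    ]
    for p in samples:
        print(p, "->", verdict(FORWARD, p))
    # Swapping the rules makes the DROP rule win for everything.
    print("swapped:", verdict(list(reversed(FORWARD)), Packet("tcp", 80, "NEW")))
```

Running it shows the browsing packet accepted by rule 1 and everything else that is NEW dropped by rule 2, which is the outcome DaLight describes. The ESTABLISHED case is worth noting: both rules match only state NEW, so return traffic is decided by whatever else is in the chain, typically a separate ESTABLISHED,RELATED accept rule or the chain policy.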
18 years 5 months ago #14221 by Nimmy
Hi Da Light,

Thanks a lot for your explanation. I am now clear about how these firewall rules are executed.

Thank you very much. :)

Cheers,
Nimmy

Nirmal Babu
Chennai