Score:1

Could someone please explain the difference between these expressions

drop proto tcp and not (dst port 80)

pass proto tcp and dst port 80

Is there a difference between them?

A.B
It's tagged iptables but the rules aren't iptables rules. Maybe pf or else some frontend?
Score:1

Well, the difference is simple.

  • the first rule immediately drops non-HTTP
  • the second rule immediately allows HTTP

Although it may trick you, these aren't even close. Because:

  • there are several types of traffic on the server; the first rule just prohibits it.

  • at the same time it does not allow HTTP: whether or not HTTP will be allowed is determined by the subsequent rules or chain policy.

  • the second rule, on the other hand, explicitly allows HTTP and doesn't tamper with everything else.

There are rare conditions where you need rules like the first, so stick to the second ones unless you are absolutely sure why you need the first one.
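The fall-through behaviour described in the answer above, as an added example that is not part of the original post or of any firewall's own code. It assumes first-match semantics where a matching rule's verdict is final and unmatched packets get the chain policy; the `Packet`, `Rule`, `evaluate` and `table` names and the sample packets are constructed for illustration.

```python
# Added illustration: a minimal first-match packet filter model.
# Assumption: a matching rule's verdict is final ("immediately"), and a packet
# that matches no rule receives the chain policy, as the answer describes.
from typing import Callable, NamedTuple


class Packet(NamedTuple):
    proto: str
    dport: int


class Rule(NamedTuple):
    verdict: str                      # "drop" or "pass"
    match: Callable[[Packet], bool]


# drop proto tcp and not (dst port 80)
RULE_1 = Rule("drop", lambda p: p.proto == "tcp" and not (p.dport == 80))
# pass proto tcp and dst port 80
RULE_2 = Rule("pass", lambda p: p.proto == "tcp" and p.dport == 80)


def evaluate(rules, policy, pkt):
    """Return the verdict of the first matching rule, else the chain policy."""
    for rule in rules:
        if rule.match(pkt):
            return rule.verdict
    return policy


# Constructed sample traffic: HTTP, SSH, and DNS over UDP.
SAMPLES = {
    "tcp/80": Packet("tcp", 80),
    "tcp/22": Packet("tcp", 22),
    "udp/53": Packet("udp", 53),
}


def table(rules, policy):
    """Verdict for every sample packet under one ruleset and chain policy."""
    return {name: evaluate(rules, policy, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("rule 1 only", [RULE_1]), ("rule 2 only", [RULE_2])):
        for policy in ("drop", "pass"):
            print(f"{label:12} policy={policy:4} -> {table(rules, policy)}")
```

With only the first rule, the fate of tcp/80 and udp/53 depends entirely on the policy; with only the second rule, tcp/80 passes under either policy while everything else follows the policy.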
