Earth, Wind, and Firewall - Does rule order matter?

RegionalFelidae7797 · October 23, 2025, 5:49pm

I just got the flag for the Earth, Wind, and Firewall challenge, but I don’t think I did it right.
The Firewall Basics lesson says iptables checks from top to bottom and jumps when it reaches the first rule that matches, so wouldn’t a DROP written before an ACCEPT jump to DROP before it reaches the rule that would accept it?

Basically:

Shouldn’t this deny 192.168.2.200? I’m unfamiliar with iptables and just want to clarify whether rule order is something I have to be aware of when setting up or if its something the firewall can figure out logically.

JosephWhite · October 23, 2025, 6:39pm

Yes rule order matters.

The first rule allows 192.168.2.200.

The second rule drops all of 192.168.2.0/24 which does include 192.168.2.200, but the accept rule comes before the drop rule.

If you put the drop rule first, then 192.168.2.200 would be blocked even if you had an accept rule for it after in the rule list.