iptables forwarding: ignorance isn't always bliss

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

iptables forwarding: ignorance isn't always bliss

#1 Post by n_hologram »

I recently tinkered with an old laptop and got a hostapd hotspot running. I'd like to replace my current router since it's a bit old and figure this could be a cheaper option. However, I want to make sure I understand the Frankenstein-monster I've set up before it's put to any serious use. My only concern lay with two iptables commands that were used to finally get internet on the connected clients. They originated from this Super User post:

Code:

Forwarding enabled in iptables:
iptables -P FORWARD ACCEPT
iptables -F FORWARD
I've researched how iptables forwarding works, and it seems like this would be desirable as I intend for this to function as a NAT. But I wanted to present this question because there is a wealth of knowledge on this forum, and I could be missing something of which I'm simply not aware.

Tl;dr, I'd like to know if these two commands are advisable for the firewall of a dedicated router. If not, what are some recommendations?
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
the crunkbong project: scripts, operating system, the list goes on...

dilberts_left_nut
Administrator
Posts: 5346
Joined: 2009-10-05 07:54
Location: enzed
Has thanked: 13 times
Been thanked: 66 times

Re: iptables forwarding: ignorance isn't always bliss

#2 Post by dilberts_left_nut »

Those two commands just set the default policy for the FORWARD chain to ACCEPT and then clear any other rules in it.
Unless you want to apply any specific restrictions (or logging), that will work fine.

I have some rules in my FORWARD chain to count traffic for internal machines, so I can see who's using all that data...
AdrianTM wrote:There's no hacker in my grandma...
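
For comparison with the two commands discussed above, this added example (not code from any poster in this thread) prints a stricter FORWARD setup for a NAT router: default DROP, LAN-to-WAN only, plus per-host traffic counters of the kind post #2 mentions. The chain name ACCT, the interface names, the subnet and the host addresses are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for a NAT router.
# Interface names, subnet and host addresses are assumptions.

# Allow only plain interface names / IPv4 addresses, because the output is
# meant to be reviewed and then run as root.
valid() {
    case $1 in
        ''|-*|*[!A-Za-z0-9./_-]*) return 1 ;;
    esac
}

# gen_forward_rules WAN_IF LAN_IF LAN_NET [HOST...]
gen_forward_rules() {
    [ "$#" -ge 3 ] || return 2
    for arg in "$@"; do
        valid "$arg" || { echo "bad argument: $arg" >&2; return 1; }
    done
    wan=$1 lan=$2 net=$3
    shift 3

    # Accounting chain: a rule with no -j target only increments its
    # packet/byte counters, then the packet returns to FORWARD.
    echo "iptables -N ACCT"
    for host in "$@"; do
        echo "iptables -A ACCT -s $host"
        echo "iptables -A ACCT -d $host"
    done

    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -j ACCT"
    # Replies to connections that were already allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections only from the LAN out to the WAN.
    echo "iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT"
    # Rate-limited log of whatever is about to hit the DROP policy.
    echo "iptables -A FORWARD -m limit --limit 6/min -j LOG --log-prefix 'FWD-DROP: '"
    echo "iptables -P FORWARD DROP"
    echo "iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE"
}

# Constructed sample values.
gen_forward_rules eth0 wlan0 192.168.10.0/24 192.168.10.20 192.168.10.21
```

Once rules like these are loaded, `iptables -L ACCT -v -n -x` shows the exact packet and byte counters per host.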

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

Re: iptables forwarding: ignorance isn't always bliss

#3 Post by n_hologram »

Thank you for clarifying -- just wanted to make sure. Would you be willing to share the iptables commands that let you monitor your traffic? That sounds ideal.

seco
Posts: 5
Joined: 2017-02-02 17:08

Re: iptables forwarding: ignorance isn't always bliss

#4 Post by seco »

I think this tutorial explains chains and chain policy for iptables very well, and even creating your custom chains and redirecting your traffic to them: https://likegeeks.com/linux-iptables-firewall-examples/
Hope it helps.
