Old 06-01-2004, 02:47 AM   #1
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
Please explain something about IPTABLES


I've edited a firewall that was well documented to get a better understanding. One thing still puzzles me when you iptables -list.


On the INPUT chain. The first line says Accept all from anywhere to anywhere. That to me would say the computer is wide open. Am I right?

The only explanation I can come up with is that the first line would always say that. I may have missed something in the firewall document and thereby rendered the entire firewall useless.

For reference, it is acting as if my ISP is 192.168.0.4 and my internal network is 192.168.1.##.
Eth0 = 192.168.0.4
Eth1 = 192.168.1.1

Thanks for anyone's help

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
drop-and-log-it all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere 192.168.0.4 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:bootpc dpt:bootps
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT tcp -- anywhere 192.168.0.4 state NEW,RELATED,ESTABLISHED tcp dpt:http
ACCEPT tcp -- anywhere 192.168.0.4 state RELATED,ESTABLISHED tcp dpt:https
ACCEPT tcp -- anywhere 192.168.1.0/24 state NEW,RELATED,ESTABLISHED tcp dpt:ssh
drop-and-log-it all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
drop-and-log-it all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.0.4 192.168.1.0/24
ACCEPT all -- 192.168.1.0/24 192.168.1.0/24
drop-and-log-it all -- anywhere 192.168.1.0/24
ACCEPT all -- 192.168.0.4 anywhere
ACCEPT tcp -- 192.168.1.0/24 255.255.255.255 tcp spt:bootps dpt:bootpc
ACCEPT udp -- 192.168.1.0/24 255.255.255.255 udp spt:bootps dpt:bootpc
drop-and-log-it all -- anywhere anywhere

Chain drop-and-log-it (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
 
Old 06-01-2004, 04:07 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
#iptables -nvL

will reveal the secrets. If you are still confused, let us know.
 
Old 06-01-2004, 09:41 AM   #3
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Original Poster
Rep: Reputation: 46
much better

That helps tremendously, because now it shows exactly what I was trying to achieve with the firewall.

FYI to other newbies, the first line was the loopback.
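As an added illustration of the point made in this thread (not code from the thread or its posters): with -v the "in"/"out" interface columns appear, so a rule that -L prints as "anywhere anywhere" can be seen to be bound to lo. The parser below reads iptables -nvL output and separates such interface-bound rules from ACCEPT rules that carry no restriction at all; the sample output is constructed, modelled on the ruleset above.

```python
import re

# Constructed sample of `iptables -nvL` output modelled on the thread's
# firewall (not the poster's real output). The "in"/"out" columns only
# appear with -v; they show the first INPUT rule is bound to lo.
SAMPLE_NVL = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  420 31200 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1200 96000 ACCEPT     all  --  eth1   *       192.168.1.0/24       0.0.0.0/0
   33  2640 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.0.4          state RELATED,ESTABLISHED
    5   300 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.4          state NEW,RELATED,ESTABLISHED tcp dpt:80
   12   720 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  900 70000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   40  3000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst")

def parse_iptables_nvl(text):
    """Parse `iptables -nvL` output into a list of rule dicts, one per rule."""
    rules, chain = [], None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        parts = line.split()
        if len(parts) < len(FIELDS) or parts[0] == "pkts" or chain is None:
            continue  # blank line or column header
        rule = dict(zip(FIELDS, parts[:len(FIELDS)]))
        rule["chain"] = chain
        rule["match"] = " ".join(parts[len(FIELDS):])  # state, ports, etc.
        rules.append(rule)
    return rules

def wide_open_accepts(rules):
    """Return ACCEPT rules with no interface, address, protocol or
    extra-match restriction: these really do accept everything."""
    return [r for r in rules
            if r["target"] == "ACCEPT" and r["in"] == "*" and r["out"] == "*"
            and r["src"] == "0.0.0.0/0" and r["dst"] == "0.0.0.0/0"
            and r["prot"] == "all" and not r["match"]]

if __name__ == "__main__":
    for r in wide_open_accepts(parse_iptables_nvl(SAMPLE_NVL)):
        print(f"{r['chain']}: unrestricted ACCEPT rule")
```

On the constructed sample the loopback and state-limited rules are not reported; only the bare ACCEPT in FORWARD is.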
 
  

