Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
I've edited a firewall that was well documented to get a better understanding. One thing still puzzles me when you iptables -list.
On the INPUT chain, the first line says Accept all from anywhere to anywhere. That to me would say the computer is wide open. Am I right?
The only explanation I can come up with is that the first line would always say that. I may have missed something in the firewall document and thereby rendered the entire firewall useless.
For reference, it is acting as if my ISP is 192.168.0.4 and my internal network is 192.168.1.##.
Eth0 = 192.168.0.4
Eth1 = 192.168.1.1
Thanks for anyone's help.

Chain INPUT (policy DROP)
target           prot opt source           destination
ACCEPT           all  --  anywhere         anywhere
ACCEPT           all  --  192.168.1.0/24   anywhere
drop-and-log-it  all  --  192.168.1.0/24   anywhere
ACCEPT           all  --  anywhere         192.168.0.4      state RELATED,ESTABLISHED
ACCEPT           tcp  --  anywhere         anywhere         tcp spt:bootpc dpt:bootps
ACCEPT           udp  --  anywhere         anywhere         udp spt:bootpc dpt:bootps
ACCEPT           tcp  --  anywhere         192.168.0.4      state NEW,RELATED,ESTABLISHED tcp dpt:http
ACCEPT           tcp  --  anywhere         192.168.0.4      state RELATED,ESTABLISHED tcp dpt:https
ACCEPT           tcp  --  anywhere         192.168.1.0/24   state NEW,RELATED,ESTABLISHED tcp dpt:ssh
drop-and-log-it  all  --  anywhere         anywhere

Chain FORWARD (policy DROP)
target           prot opt source           destination
ACCEPT           all  --  anywhere         anywhere         state RELATED,ESTABLISHED
ACCEPT           all  --  anywhere         anywhere
drop-and-log-it  all  --  anywhere         anywhere

Chain OUTPUT (policy DROP)
target           prot opt source           destination
ACCEPT           all  --  anywhere         anywhere
ACCEPT           all  --  192.168.0.4      192.168.1.0/24
ACCEPT           all  --  192.168.1.0/24   192.168.1.0/24
drop-and-log-it  all  --  anywhere         192.168.1.0/24
ACCEPT           all  --  192.168.0.4      anywhere
ACCEPT           tcp  --  192.168.1.0/24   255.255.255.255  tcp spt:bootps dpt:bootpc
ACCEPT           udp  --  192.168.1.0/24   255.255.255.255  udp spt:bootps dpt:bootpc
drop-and-log-it  all  --  anywhere         anywhere

Chain drop-and-log-it (5 references)
target           prot opt source           destination
LOG              all  --  anywhere         anywhere         LOG level info
REJECT           all  --  anywhere         anywhere         reject-with icmp-port-unreachable
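
Added example, not part of the original post: a plain `iptables -L` listing leaves out the in/out interface columns (they are printed only with `-v`), so a line like the first INPUT rule may be restricted to one interface, such as loopback, and still print as accept-everything. The script below parses a listing in the format posted above and reports any rule that, as listed, matches all traffic ahead of other rules, which is the cue to re-check that chain with `-v`. The sample text is constructed from the post's INPUT chain, and the function names are this example's own.

```python
# Audit a plain `iptables -L` listing for early catch-all rules.
# SAMPLE is constructed from the INPUT chain shown in the post above.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
drop-and-log-it all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere 192.168.0.4 state RELATED,ESTABLISHED
drop-and-log-it all -- anywhere anywhere
"""

ANY = {"anywhere", "0.0.0.0/0"}  # the second form appears with -n

def parse(listing):
    """Return {chain: [rule dict, ...]} from `iptables -L` text (no -v)."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            current = chains.setdefault(f[1], [])
        elif current is not None and len(f) >= 5 and f[0] != "target":
            current.append({"target": f[0], "prot": f[1], "src": f[3],
                            "dst": f[4], "extra": " ".join(f[5:])})
    return chains

def is_catch_all(rule):
    """True when the listing shows no protocol, address or match restriction."""
    return (rule["prot"] == "all" and rule["src"] in ANY
            and rule["dst"] in ANY and not rule["extra"])

def audit(listing):
    """Return (chain, rule_no, target, later_rules) for each early catch-all."""
    findings = []
    for chain, rules in parse(listing).items():
        for i, rule in enumerate(rules):
            if is_catch_all(rule) and i < len(rules) - 1:
                findings.append((chain, i + 1, rule["target"], len(rules) - i - 1))
                break  # everything after this rule is already counted
    return findings

if __name__ == "__main__":
    for chain, num, target, later in audit(SAMPLE):
        print(f"{chain} rule {num}: {target} matches everything as listed, ahead "
              f"of {later} rule(s); re-check with: iptables -L {chain} -v -n")
```

If the `-v` output shows the flagged rule with `lo` in the `in` column, it accepts loopback traffic only; if the column shows `any`, the later rules in that chain are never reached.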