Old 02-28-2011, 07:36 PM   #1
maobin
Member
 
Registered: Feb 2011
Posts: 42

Rep: Reputation: 0
How to read IP tables


Hi ppl,
I ran the command below
Code:
cat /etc/sysconfig/iptables
and got this:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Can anyone teach me how to read this, or point me to the man page I can read?
 
Old 02-28-2011, 07:54 PM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002
Sure... Type in "man iptables" on the command line. Cheers,

Josh
 
1 members found this post helpful.
Old 02-28-2011, 08:41 PM   #3
maobin
Member
 
Registered: Feb 2011
Posts: 42

Original Poster
Rep: Reputation: 0
So, for example:

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

This means append to the chain named "RH-Firewall-1-INPUT", the interface in question is "lo", and jump to "ACCEPT"?

And for

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

this means append to the chain named "RH-Firewall-1-INPUT", the protocol in question is tcp, match tcp from port 631, and jump to "ACCEPT"?

Am I right in saying that?
 
Old 02-28-2011, 08:44 PM   #4
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002
It is not jumping; you are just telling it to accept the packet data if the destination port is 631 (cups) and it is a tcp packet. Hope that helps you understand it better.

http://en.wikipedia.org/wiki/Iptables

Wikipedia has an excellent description of operation.

Cheers,

Josh
 
1 members found this post helpful.
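The rules in this file are checked top to bottom and the first match wins, so the final REJECT line is what turns the chain into "deny everything not listed above". As an added example that is not from the thread, here is a small Python reader that turns each -A line into plain English; SAMPLE is a constructed subset of the file quoted above, and the wording of the descriptions is our own, not iptables'.

```python
import shlex

# Constructed sample: a subset of the /etc/sysconfig/iptables file in the thread.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Match options that take one value; the wording here is our own, not iptables'.
MATCHES = {"-i": "in on interface {}", "-o": "out on interface {}",
           "-p": "protocol {}", "-s": "from {}", "-d": "to {}",
           "--dport": "destination port {}", "--sport": "source port {}",
           "--state": "connection state {}", "--icmp-type": "ICMP type {}"}

def describe_rule(line):
    """Turn one '-A chain ...' line into an English sentence."""
    toks = shlex.split(line)
    chain, conds, target, extra, i = None, [], None, [], 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":                 # append to this chain
            chain = toks[i + 1]; i += 2
        elif t == "-j":               # target: ACCEPT, REJECT, or another chain
            target = toks[i + 1]; i += 2
        elif t in MATCHES:
            conds.append(MATCHES[t].format(toks[i + 1])); i += 2
        elif t.startswith("--"):      # target option, e.g. --reject-with
            extra.append(f"{t[2:]} {toks[i + 1]}"); i += 2
        else:
            i += 1                    # '-m state' etc. just loads a match module
    when = " and ".join(conds) if conds else "any packet"
    tail = f" ({', '.join(extra)})" if extra else ""
    return f"{chain}: if {when}, then {target}{tail}"

def parse_table(text):
    """Return ({chain: policy}, [rule sentences]); first matching rule wins."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):      # ':NAME POLICY [pkts:bytes]'
            name, policy = line[1:].split()[:2]
            policies[name] = "user-defined" if policy == "-" else policy
        elif line.startswith("-A"):
            rules.append(describe_rule(line))
    return policies, rules
```

Feed it the full contents of /etc/sysconfig/iptables instead of SAMPLE to get a sentence per rule, in the order the kernel evaluates them.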
Old 02-28-2011, 09:33 PM   #5
maobin
Member
 
Registered: Feb 2011
Posts: 42

Original Poster
Rep: Reputation: 0
I see, thanks a lot for the assistance.
 
Old 03-01-2011, 03:22 AM   #6
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,062

Rep: Reputation: 893
An excellent (if a teensy bit long) document on iptables is available at:

http://iptables-tutorial.frozentux.net/

It is available in several versions; I'd advise downloading a readable version, rather than just looking at the HTML, because you'll probably want to keep going back to various parts over a period of time.
 
Old 03-01-2011, 03:39 AM   #7
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002
Quote:
Originally Posted by maobin
I see, thanks a lot for the assistance.
No problem!
 