Old 12-24-2006, 12:21 AM   #1
Registered: Oct 2004
Location: Londinium
Distribution: CentOs 4, OSX Tiger
Posts: 93

iptables - command line gives different results to gui


I'm trying to configure CentOS 4.4 iptables so that only ports 25 and 993 are listening. I've been reading all I can on iptables but I'm having unexpected results in applying it, and can only conclude I'm a bit confused, so some guidance seems required!

I ran from the command line
sudo /sbin/iptables -L INPUT

and got this

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

but if I go to Security Level in the System Tools menu then the firewall shows as enabled, and unless I add ports 25 and 993 in the extra box at the bottom (can't view it right now, please forgive that vagueness) then the firewall blocks everything. I ran ps aux to see if it was ipchains running, but I don't see it or iptables. I've added the /etc/sysconfig/iptables below if it's any help. I can see some of the rules I've set with the gui, but I don't fully understand the file (for instance, why can't I see 993 on there?).

So, 2 questions:
a) Shouldn't both the gui and the command line show the same thing, and why aren't they?
b) Can anyone suggest either a clearly written resource I can refer to, or point me in the right direction for the right files and commands to configure via the command line?

Thanks for taking the time to look at this, any help/input is much appreciated.

:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
Old 12-24-2006, 10:22 AM   #2
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

The file /etc/sysconfig/iptables is not related to the gui tool system-config-securitylevel. The file /etc/sysconfig/system-config-securitylevel contains the data the gui tool sees.

I would either edit the file you have manually or write a completely new iptables script. Or use a tool like shorewall or firewallbuilder. I've never really used them much, but they offer a GUI to help edit.


Last edited by Brian1; 12-24-2006 at 10:24 AM.
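
Before editing /etc/sysconfig/iptables by hand, it helps to see which rule actually decides a given packet. The following is an added example, not part of the thread or any poster's code: a simplified first-match walk over the RH-Firewall-1-INPUT rules copied from post #1. It interprets only -i, -p, --dport and --state (no negation); the helper names and the second interface eth1 are assumptions made for the comparison.

```python
# Added example: first-match walk of the RH-Firewall-1-INPUT chain from post #1.
# RULES is copied from the post; the udp/5353 rule is left out because its
# -d address is missing on the page.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# Options that constrain a packet field, mapped to the packet key they test.
MATCHES = {"-i": "iface", "-p": "proto", "--dport": "dport", "--state": "state"}

def parse(line):
    """Turn one -A line into (conditions, target, original text)."""
    tok = line.split()
    conds, target = {}, None
    for opt, val in zip(tok, tok[1:]):
        if opt in MATCHES:
            conds[MATCHES[opt]] = set(val.split(","))
        elif opt == "-j":
            target = val
    return conds, target, line

def decide(packet, rules=RULES):
    """Return (target, rule text) of the first rule matching the packet."""
    for conds, target, text in map(parse, rules.splitlines()):
        if all(str(packet.get(k)) in allowed for k, allowed in conds.items()):
            return target, text
    return "ACCEPT", "chain policy"  # INPUT policy ACCEPT, as iptables -L showed

def new_tcp(iface, dport):
    """Constructed sample packet: a new TCP connection to dport on iface."""
    return {"iface": iface, "proto": "tcp", "dport": dport, "state": "NEW"}

if __name__ == "__main__":
    # eth1 is a hypothetical second interface used for comparison.
    for iface in ("eth0", "eth1"):
        for port in (25, 993, 22):
            print(iface, port, *decide(new_tcp(iface, port)))
```

With the file as posted, every new connection arriving on eth0 is decided by the `-i eth0 -j ACCEPT` rule before any port rule is reached; only on another interface does the `--dport 25` rule or the final REJECT come into play.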
Old 12-24-2006, 10:28 AM   #3
Registered: Oct 2004
Location: Londinium
Distribution: CentOs 4, OSX Tiger
Posts: 93

Original Poster
Thanks for the reply, much appreciated. I'll look into it a bit further.

