iptables rule on Fedora13 doesn't make sense

phoenixzam · 11-19-2013, 05:12 PM

I presume iptables discussions normally go into the Security forum, but this question has more to do syntax and meaning.
The rule is:

Code:

iptables -A INPUT -d 192.168.1.255/32 -i 192.168.168.255 -j ACCEPT

Question:
What does this really do? I don't get the -d & -i option values. For the interfaces here it provides IP addresses (specifically broadcast addresses). How is an interface identified by a broadcast address? Does it reflect the interfaces on this box that would receive the broadcast packets sent to those addresses?

John VV · 11-19-2013, 06:05 PM

Fedora 13 is dead and 6 or7 versions out of date
fedora 19 is the current and fedora 20 will ne released soon

please install fedora 19
then worry about the firewall

and you are allowing that ip address

phoenixzam · 11-20-2013, 08:40 AM

Uh, that seems a little rude. Yes, I KNOW it is out of date, but simply installing Fedora 19 is by NO means an option. This box is in service. Besides, what does it being a Fedora 13 box have to do with interpreting this iptables commmand? Are you saying that if I have a question about our Fedora 2 box, I'll have to upgrade it before you'll help me?
I may be new to Linux Server administration, but I know you don't have to have the latest version of ANYTHING if what you have does the job. This box does the job it was built to do by the original admin, I just need to understand what that is. Interpreting this line is part of understanding how it firewalls a section of our network. Okay?

So you're saying it is "allowing that ip address" and I think I understand what you mean, you're deciphering the -d option. But what about the -i?
When I read it like a sentence, "If the destination of an incoming packet is 192.168.1.255/32, and it came in through interface 192.168.168.255, then accept it," that part about "through interface 192.168.168.255" still makes no sense to me. And what about the /32 on the destination broadcast address? Can you please explain further without instructing me to upgrade my server OS?

DavidMcCann · 11-20-2013, 11:12 AM

A quick check on the internet reveals
https://frozentux.net/iptables-tutor...-tutorial.html
https://www.informit.com/articles/ar...21057&seqNum=4
I hope they do the trick: I haven't had the stamina to read them!

phoenixzam · 11-20-2013, 11:18 AM

Thanks, but no. Doesn't give me the info I looking for. However, I really appreciate you trying to help.

Can anyone tell me, is it possible for iptables to identify the incoming interface using a broadcast address? Because that is what seems to be happening in the code above.