Hiya All!

This is a very basic question. The default custom table that comes with Fedora looks like this:

-------
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
-------

As I can see the first rule will accept all protocols from anywhere to anywhere but it is not like that since I need to add a new rule to open a web server. Would someone explain me what does the first rule mean? Thanks a lot

Manuel

i would also say that this chain accepts every protocoll on every port from everywhere. but fedora-people are much smarter than me. maybe there is a reason why you have to open port 80 seperately to get a connection.


the chain RH-Firewall-1-INPUT is referenced 2 times. maybe it makes more sense in that context? may the RH-Firewall-1-INPUT is only used in special cases?

i would also say that this chain accepts every protocoll on every port from everywhere. but fedora-people are much smarter than me. maybe there is a reason why you have to open port 80 seperately to get a connection.


the chain RH-Firewall-1-INPUT is referenced 2 times. maybe it makes more sense in that context? may the RH-Firewall-1-INPUT is only used in special cases?

You've only given a small subset of the firewall, namely the RH-Firewall-1-INPUT chain.

The main (default) 3 are INPUT, FORWARD, OUTPUT (there are others are either NAT or user created)

While the first rule of RH-Firewall-1-INPUT accepts anything, that's only traffic that has been sent to it from the another (typically INPUT) chain.