LinuxQuestions.org
Old 01-02-2006, 11:02 PM   #1
manueljose
LQ Newbie
 
Registered: Aug 2004
Posts: 8

Rep: Reputation: 0
Question Basic iptables help


Hiya All!

This is a very basic question. The default custom table that comes with Fedora looks like this:

-------
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
-------

As I can see, the first rule will accept all protocols from anywhere to anywhere, but it is not like that, since I need to add a new rule to open a web server. Would someone explain to me what the first rule means? Thanks a lot

Manuel
 
Old 01-03-2006, 02:15 AM   #2
british_76
Member
 
Registered: Dec 2003
Distribution: kubuntu breezy badger
Posts: 30

Rep: Reputation: 15
I would also say that this chain accepts every protocol on every port from everywhere. But Fedora people are much smarter than me. Maybe there is a reason why you have to open port 80 separately to get a connection.


The chain RH-Firewall-1-INPUT is referenced 2 times. Maybe it makes more sense in that context? Maybe the RH-Firewall-1-INPUT is only used in special cases?
 
Old 01-03-2006, 09:16 AM   #4
kbuk
LQ Newbie
 
Registered: Nov 2005
Location: London
Distribution: Debian
Posts: 17

Rep: Reputation: 0
You've only given a small subset of the firewall, namely the RH-Firewall-1-INPUT chain.

The main (default) 3 are INPUT, FORWARD, OUTPUT (there are others that are either NAT or user created).

While the first rule of RH-Firewall-1-INPUT accepts anything, that's only traffic that has been sent to it from another (typically INPUT) chain.
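
Added example, not part of the thread: plain `iptables -L` leaves out the in/out interface columns unless `-v` is given, so a rule that matches only one interface prints as `all -- anywhere anywhere`. The sketch below reads a constructed `iptables-save` style ruleset (the `-i lo` on the first rule is an assumption, and `sample_rules`, `callers` and `iface_rules` are hypothetical helper names) and reports which chains jump to RH-Firewall-1-INPUT and which of its rules carry an interface match.

```shell
#!/bin/sh
# Constructed sample in iptables-save format; not captured from the poster's machine.
# Assumption: the chain's first rule is restricted to the loopback interface.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# callers CHAIN: print every chain holding a rule that jumps to CHAIN
# (these are the "references" counted in the iptables -L chain header).
callers() {
  awk -v c="$1" '$1 == "-A" {
    for (i = 3; i < NF; i++)
      if ($i == "-j" && $(i + 1) == c) { print $2; break }
  }'
}

# iface_rules CHAIN: print "position: rule" for each rule in CHAIN that has
# an -i or -o match, i.e. a condition that iptables -L without -v hides.
iface_rules() {
  awk -v c="$1" '$1 == "-A" && $2 == c {
    n++
    for (i = 3; i <= NF; i++)
      if ($i == "-i" || $i == "-o") { print n ": " $0; break }
  }'
}

echo "Chains that jump to RH-Firewall-1-INPUT:"
sample_rules | callers RH-Firewall-1-INPUT
echo "Rules with an interface match:"
sample_rules | iface_rules RH-Firewall-1-INPUT
```

On a live system the same two functions can be fed from `iptables-save` run as root, and `iptables -L -v -n` shows the interface columns directly.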
 
  

