LinuxQuestions.org
Old 06-06-2006, 03:06 AM   #1
john.s
iptable confusion


I'm getting confused here. The below is my default iptables:
Code:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
I'm searching everywhere online and I don't see anything similar to the above, except that I would see something like this:

iptables -A FORWARD -p tcp --dport 1863 -j DROP

^ How come the above is not similar to the one I have? Also, if I wanted to modify my default iptable and add my own rules to it, do I do something like this?
Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -d 207.46.104.20 -j REJECT
COMMIT
Notice that I added a new entry at the end of the list. I just wanted to know if that was correct, and whether I should restart the computer for it to apply its changes.

Oh yeah, also, why did they leave port 631 (ipp) open by default? I found that very weird.
 
Old 06-06-2006, 03:49 AM   #2
win32sux
it seems red hat has a habit of implementing their own (weird IMHO) iptables rules by default and stuff... they use some chain names and stuff that IMHO make things kinda confusing...

my recommendation would be to forget those rules and implement your own vanilla-flavored rules... but it's only a recommendation...

the reason the rules you find on the web look different from the red hat ones is because the ones on the web tend to be generic and stuff...

as for the port 631 question, it's probably because that's the printer daemon (CUPS) port...

Last edited by win32sux; 06-06-2006 at 03:51 AM.
 
Old 06-06-2006, 04:06 AM   #3
zhangmaike
Quote:
How come the above is not similar to the one I have?
Because the one you have is a command (that one would type in a shell) that appends a rule to iptables, rather than a line from a configuration file. See the iptables manpage for more details.

The configuration file that you have provided has the exact same syntax as one saved using the iptables-save utility (which comes with iptables).

Quote:
Also, if I wanted to modify my default iptable and add my own rules to it, do I do something like this?
No. Notice that in the original file, none of the lines begin with "iptables".

If you want that rule to be added to your configuration file (given that that configuration is already loaded into iptables), just do (from the command line):
Code:
iptables -A FORWARD -d 207.46.104.20 -j REJECT
iptables-save > FILE_CONTAINING_IPTABLES_RULES
Quote:
should I restart the computer for it to apply it's changes
Under Linux, unless you want to use a newly compiled/installed kernel, you should never need to restart your computer in order for some change to take effect.

If you've run the iptables command to append the rule, then the firewall has already been updated with your changes.

If you have manually edited the configuration file, just run:
Code:
iptables-restore < FILE_CONTAINING_IPTABLES_RULES
and the firewall will be updated accordingly.

Last edited by zhangmaike; 06-06-2006 at 04:15 AM.
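The answer above makes two points: a hand-edited rules file must use iptables-save syntax (no leading "iptables" on rule lines), and it is loaded with iptables-restore. As an added example, not code from the thread, here is a small POSIX sh lint for such a file (function names are my own) that catches the mistake from post #1 before iptables-restore chokes on it, run over a shortened, constructed copy of the proposed file:

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check a hand-edited file in
# iptables-save format before handing it to iptables-restore. Function names
# are my own. Both functions read the rules file on stdin.

# lint_rules: print one diagnostic per problem; exit status 1 if any found.
# It flags the mistake from post #1 (a line starting with "iptables " is a
# shell command, not a saved rule) plus a few other things iptables-restore
# would reject, such as a rule for a chain that was never declared.
lint_rules() {
    awk '
        function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
        /^#/ || /^[ \t]*$/ { next }                      # comments, blank lines
        /^\*/ { intable = 1; split("", chains); next }   # *filter, *nat, ...
        /^:/  {                                          # :CHAIN POLICY [pkts:bytes]
            if (!intable) bad("chain line before *table")
            chains[substr($1, 2)] = 1; next
        }
        /^COMMIT$/ { if (!intable) bad("COMMIT without *table"); intable = 0; next }
        /^iptables / { bad("shell command, not a rule: drop the leading \"iptables \""); next }
        /^-[AI] / {                                      # -A CHAIN ... / -I CHAIN ...
            if (!intable) bad("rule outside a *table ... COMMIT block")
            else if (!($2 in chains)) bad("rule for undeclared chain " $2)
            next
        }
        { bad("unrecognised line") }
        END { if (intable) bad("missing COMMIT"); exit (errors ? 1 : 0) }
    '
}

# fix_rules: rewrite "iptables -A ..." / "iptables -I ..." lines to the saved
# form, which is the only change the file in post #1 needed.
fix_rules() {
    sed 's/^iptables -\([AI]\) /-\1 /'
}

# Constructed sample: the thread's proposed file, shortened to the relevant lines.
sample='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -d 207.46.104.20 -j REJECT
COMMIT'

printf '%s\n' "$sample" | lint_rules || echo "problems found, fixing..."
printf '%s\n' "$sample" | fix_rules | lint_rules && echo "fixed copy is clean"
```

Even in the corrected form, the new FORWARD rule sits after "-A FORWARD -j RH-Firewall-1-INPUT", and that chain ends by rejecting everything it did not accept, so the appended rule is never reached; to take effect it would have to be inserted ahead of the jump (iptables -I FORWARD 1 ...) rather than appended.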