LinuxQuestions.org
Old 11-05-2006, 01:46 PM   #1
redhatattack
LQ Newbie
 
Registered: Jul 2006
Distribution: redhat 4 es
Posts: 19

Rep: Reputation: 0
Iptables listing question


Hello Experts,

This may have something to do with an earlier thread. I tried to just live with "Maybe it was some kind of glitch"... that enabled me to login as root with half my password when I installed my server at an isp.

I have the basic redhat firewall installed with only ssh access enabled on redhat4ES

Maybe I'm paranoid now but when I do a ..

/sbin/iptables -L -v

=======================================================
One interesting result on OUTPUT is ...
Chain OUTPUT (policy ACCEPT 59097 packets, 9086K bytes)
pkts bytes target prot opt in out source destination
=======================================================
ACCEPT and FORWARD are both 0.
=======================================================

It's interesting because I haven't enabled anything or started using the server for anything. I ran up2date last week? Does the OUTPUT chain just take a snapshot when you use the -v option or is that the total from the last reboot?

Thank you
 
Old 11-06-2006, 07:17 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Moved: This thread does not contain questions about Linux Security or a (perceived) compromised server but about iptables listing rules. This thread would be more suitable in the Linux software forum and will have its title defused and will then be moved there accordingly to help your thread/question get the exposure it deserves.
 
Old 11-06-2006, 09:55 PM   #3
redhatattack
LQ Newbie
 
Registered: Jul 2006
Distribution: redhat 4 es
Posts: 19

Original Poster
Rep: Reputation: 0
Doesn't look like I've been moved... good because it actually is a security question. If I'm not using a server but I have traffic isn't that a security issue?

If I've got packets going out, could it be someone is using my server if I'm not? But more than likely that's just my shell I guess? Although 9mb ???

Am I making any kind of sense here?

Last edited by redhatattack; 11-06-2006 at 10:13 PM.
 
Old 11-07-2006, 05:50 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by redhatattack
Doesn't look like I've been moved...
...to allow you to read this.

Quote:
Originally Posted by redhatattack
good because it actually is a security question.
If you think it's a security issue then read http://www.linuxquestions.org/questi...54#post2489954 and act on it.

Quote:
Originally Posted by redhatattack
If I'm not using a server but I have traffic isn't that a security issue?
DHCP, ARP, ICMP, HTTP, could be about anything.

Quote:
Originally Posted by redhatattack
If I've got packets going out, could it be someone is using my server if I'm not? But more than likely that's just my shell I guess? Although 9mb ???
Problem is there is no way you can discover later on what happened before if you did not set up an application or Iptables rules to log traffic before.
 
Old 11-07-2006, 12:04 PM   #5
redhatattack
LQ Newbie
 
Registered: Jul 2006
Distribution: redhat 4 es
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn
Doesn't look like I've been moved...
...to allow you to read this.
hmmm, okay then.

Quote:
Originally Posted by unSpawn
good because it actually is a security question.
If you think it's a security issue then read http://www.linuxquestions.org/questi...54#post2489954 and act on it.
I checked that out. Looking at a lot of things right now.


Quote:
Originally Posted by unSpawn
If I'm not using a server but I have traffic isn't that a security issue?
DHCP, ARP, ICMP, HTTP, could be about anything.
Yeah. Going to educate myself more about iptable logging... etc.

Quote:
Originally Posted by unSpawn
If I've got packets going out, could it be someone is using my server if I'm not? But more than likely that's just my shell I guess? Although 9mb ???
Problem is there is no way you can discover later on what happened before if you did not set up an application or Iptables rules to log traffic before.
I think the default setup for the Linux firewall has logging set up by default. I don't know ... I think so? Going to find out. Anyway it must because I can use the -v option and get packets incoming and outgoing.

Thank you for the replies. I appreciate it.
 
Old 11-07-2006, 12:56 PM   #6
redhatattack
LQ Newbie
 
Registered: Jul 2006
Distribution: redhat 4 es
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn
Moved: This thread does not contain questions about Linux Security or a (perceived) compromised server but about iptables listing rules. This thread would be more suitable in the Linux software forum and will have its title defused and will then be moved there accordingly to help your thread/question get the exposure it deserves.
I see now, you moved it to the networking forum. I was looking in the software forum going nuts
 
Old 11-07-2006, 04:21 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by redhatattack
I see now, you moved it to the networking forum. I was looking in the software forum going nuts
ROTFL, still haven't moved it.

Quote:
Originally Posted by redhatattack
I think the default setup for the Linux firewall has logging set up by default. I don't know ... I think so?
If it has, doing "/sbin/iptables -n -L | grep ^LOG" should show some lines.
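
Added example (not part of any post in this thread): the counters printed by -v are running totals the kernel keeps since the rules were loaded or last zeroed with -Z, not a record of individual packets, so a chain can show traffic while nothing was logged. The shell sketch below parses a constructed `iptables -L -v -n` listing, reusing the OUTPUT line quoted in post #1, and names the built-in chains that counted packets but hold no LOG rule; the function names and the INPUT LOG row are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise `iptables -L -v -n` output per chain.

# Constructed sample listing; only the OUTPUT policy line comes from the thread.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 LOG flags 0 level 4

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 59097 packets, 9086K bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# summarize_chains: reads a listing on stdin and prints one line per chain:
#   <chain> <policy> <policy-pkts> <policy-bytes> <number of LOG rules>
# User-defined chains have no policy, so those three fields are printed as "-".
summarize_chains() {
    awk '
        function emit() { if (chain != "") print chain, policy, pkts, bytes, logs }
        /^Chain / {
            emit()
            chain = $2; policy = "-"; pkts = "-"; bytes = "-"; logs = 0
            if ($3 == "(policy") { policy = $4; pkts = $5; bytes = $7 }
            next
        }
        # Rule rows start with a packet counter; with -v the target is column 3.
        $1 ~ /^[0-9]+[KMG]?$/ && $3 == "LOG" { logs++ }
        END { emit() }
    '
}

# chains_without_log: built-in chains whose policy counter is non-zero but
# which contain no LOG rule, i.e. packets were counted but never recorded.
chains_without_log() {
    summarize_chains | awk '$2 != "-" && $3 != "0" && $5 == 0 { print $1 }'
}

sample_listing | summarize_chains
echo "traffic counted but no LOG rule: $(sample_listing | chains_without_log)"
# On a live host (as root): /sbin/iptables -L -v -n | chains_without_log
```

A LOG rule placed in a user-defined chain that a built-in chain jumps to is counted under the user-defined chain, so read the per-chain summary as well as the final list.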
 
  

