Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
05-24-2006, 08:58 AM #1
Member
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155
IPTABLES Question
This line:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Just to verify... this means that if a connection has already connected, don't check each packet? Or is this saying allow everything?
I am just wondering because I added it to improve the performance of my firewall, because I have an extensive block list. Now Snort is picking up bad traffic from IPs I have already blocked.
Thanks for your input...
05-24-2006, 11:28 PM #2
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
FWIW, I like the listing a little better (seems more clear to me).
Have a look at the manpages for iptables for exact definitions on what RELATED and ESTABLISHED mean. But it sounds like you have the gist of it (in your first question anyway).
Also, remember that with an INPUT chain policy of ACCEPT, you're going to ACCEPT any packets that don't match other rules in the chain...
05-25-2006, 12:25 PM #3
Member (Original Poster)
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155
Thank you, I thought that was the case. I am starting to understand this animal (that's the scary part).
06-02-2006, 11:30 AM #4
Member
Registered: Mar 2006
Posts: 43
Hi,
I also wanted to give thanks to anomie for the little tidbit on using iptables w/ options -nvL. I'm using SuSEfirewall2 and was simply using iptables -L to look at my rules. When looking at the first rule of my INPUT chain it didn't make sense why my firewall was working:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
I thought "holy #$*&! Accept all packets from anywhere to anywhere?" But I tested my firewall and saw in my logs that it was indeed dropping things that it was supposed to drop. Then I browsed around LQ and found this thread and ran iptables -nvL:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
40 2512 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
"Oh, accept all packets on the loopback interface... whew!"
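As an added example (not code from the thread or any poster), here is a small Python audit of an `iptables -nvL` listing that reports the points raised in this thread: a chain whose policy is ACCEPT, an ACCEPT from anywhere with no interface or state restriction, and DROP rules placed after the RELATED,ESTABLISHED ACCEPT, which never see packets of connections already in the conntrack table. The listing it parses is a constructed sample using documentation-range addresses; it needs the verbose listing because plain `-L` omits the `in`/`out` columns that distinguish the loopback rule from accept-everything.

```python
import re

# Constructed sample of `iptables -nvL` output (not from the thread): the OP's
# RELATED,ESTABLISHED rule first, then a block list, then post #4's loopback rule.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   40  2512 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
    0     0 DROP       all  --  *      *       203.0.113.0/24       0.0.0.0/0
   12   880 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
"""

# Columns: pkts bytes target prot opt in out source destination [match options]
RULE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_chain(text):
    """Return (policy, rules) for the first chain in a verbose (-nvL) listing."""
    policy, rules = None, []
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\w+)", line)
        if m:
            policy = m.group(2)
            continue
        m = RULE.match(line)
        if m and m.group(3) != "target":  # skip the column header line
            rules.append({"target": m.group(3), "in": m.group(6), "src": m.group(8),
                          "dst": m.group(9), "extra": m.group(10).strip()})
    return policy, rules

def audit(text):
    """Return a list of findings for the pitfalls discussed in the thread."""
    policy, rules = parse_chain(text)
    findings = []
    if policy == "ACCEPT":
        findings.append("policy ACCEPT: packets matching no rule are accepted")
    state_idx = None  # index of the first RELATED,ESTABLISHED ACCEPT, if any
    for i, r in enumerate(rules):
        anywhere = r["src"] == "0.0.0.0/0" and r["dst"] == "0.0.0.0/0"
        if r["target"] == "ACCEPT" and anywhere:
            if r["in"] == "*" and not r["extra"]:
                findings.append(f"rule {i + 1}: unconditional ACCEPT from anywhere")
            elif "ESTABLISHED" in r["extra"] and state_idx is None:
                state_idx = i
            # An ACCEPT scoped to an interface (e.g. in=lo) is fine; plain -L hides that column.
        elif r["target"] == "DROP" and state_idx is not None and i > state_idx:
            findings.append(f"rule {i + 1}: DROP of {r['src']} comes after the "
                            f"RELATED,ESTABLISHED ACCEPT (rule {state_idx + 1}), so packets "
                            "of connections that are already established are accepted first")
    return findings
```

Running `audit(SAMPLE)` reports the ACCEPT policy and both block-list entries; the loopback rule is not flagged because the verbose listing shows it is limited to `in=lo`.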
