iptables: why do I want INPUT rule 3 (built by firestarter)

linuxStudent11 · 06-25-2009, 01:32 AM

My system works fine but I'm confused about what firestarter built for me.

sudo iptables --line-number -nL INPUT
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 192.168.0.1 0.0.0.0/0 tcp flags:!0x17/0x02
2 ACCEPT udp -- 192.168.0.1 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 LSI udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
5 LSI icmp -- 0.0.0.0/0 0.0.0.0/0
6 DROP all -- 0.0.0.0/0 255.255.255.255
7 DROP all -- 0.0.0.0/0 192.168.0.255
8 DROP all -- 224.0.0.0/8 0.0.0.0/0
9 DROP all -- 0.0.0.0/0 224.0.0.0/8
10 DROP all -- 255.255.255.255 0.0.0.0/0
11 DROP all -- 0.0.0.0/0 0.0.0.0
12 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
13 LSI all -f 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
14 INBOUND all -- 0.0.0.0/0 0.0.0.0/0
15 LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
16 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'

QUESTION: Rule 3 looks like it acecpts bloody EVERYTHING so that all following lines are superfluous.
What don't I understand about iptables???? That's my question. Can't find anything in the tutorials I've found.
Same line exists in the OUTPUT chain.

But!?! It seems to be working ok!?! Howcum????
And there seems to be no change with
iptables -D INPUT 3
Wierd.

win32sux · 06-25-2009, 02:49 AM

Try with the -v (verbose) option:

Code:

iptables -nvL INPUT

This will show you the interface the rule applies to.

My guess/hope is it's the loopback interface (lo) in your case.

linuxStudent11 · 06-25-2009, 03:29 AM

Duh ... yup!!!

edsmithers · 09-21-2010, 06:39 PM

and again... duh!! thanks i'm coming back to iptables after a while and this rule had me stumped, good to know the v option shows interfaces.

win32sux · 09-21-2010, 09:28 PM

That's good news, but please don't resurrect dead threads unless it's absolutely necessary.