LinuxQuestions.org
Old 07-20-2004, 08:40 PM   #1
mrpc_cambodia
Member
 
Registered: Jun 2004
Posts: 131

Rep: Reputation: 15
Help! explain needed for the output of iptables -L


Dear experts,

After a fresh installation of Red Hat Linux 9.0, I went to see my firewall setting by opening the security level dialog. My firewall setting there is set to "Medium".

I switched to text mode and typed the command "iptables -L", and it shows:

************************************

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

*************************************

There are some options, such as these, that I don't know, and I can't find any help even reading the man page:

- tcp dpts:0:1023
- flags:SYN,RST,ACK/SYN
- reject-with icmp-port-unreachable

So could you please explain to me what these options are for?



Thanks,
 
Old 07-20-2004, 09:11 PM   #2
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 48
can't find help.....what!!!

http://www.linuxguruz.com/iptables/h...s-HOWTO-6.html

Quote:
Listing a Chain
You can list all the rules in a chain by using the `-L' command.


The `refcnt' listed for each user-defined chain is the number of rules which have that chain as their target. This must be zero (and the chain be empty) before this chain can be deleted.


If the chain name is omitted, all chains are listed, even empty ones.


There are three options which can accompany `-L'. The `-n' (numeric) option is very useful as it prevents iptables from trying to lookup the IP addresses, which (if you are using DNS like most people) will cause large delays if your DNS is not set up properly, or you have filtered out DNS requests. It also causes TCP and UDP ports to be printed out as numbers rather than names.


The `-v' option shows you all the details of the rules, such as the packet and byte counters, the TOS comparisons, and the interfaces. Otherwise these values are omitted.


Note that the packet and byte counters are printed out using the suffixes `K', `M' or `G' for 1000, 1,000,000 and 1,000,000,000 respectively. Using the `-x' (expand numbers) flag as well prints the full numbers, no matter how large they are.
 
Old 07-20-2004, 11:16 PM   #3
mrpc_cambodia
Member
 
Registered: Jun 2004
Posts: 131

Original Poster
Rep: Reputation: 15
Thanks,

I just wonder what these options are for?

tcp dpts:0:1023
flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable

These values are from the output of "iptables -L".
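
An added example, not part of the original thread: a small Python model of how the port-specific rules of the RH-Lokkit-0-50-INPUT chain listed in the first post are evaluated. It shows that `dpts:0:1023` is a destination port range, that `flags:SYN,RST,ACK/SYN` examines the SYN, RST and ACK bits and matches when only SYN is set (a new inbound connection), and that `reject-with icmp-port-unreachable` names the ICMP error sent back. The function names and the service-name table are assumptions of this sketch; the two `ACCEPT all` rules are left out because `-L` without `-v` does not show which interface they match.

```python
# Constructed sample: rule lines copied from the listing in the first post.
RULES = """\
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
"""

# Assumption: the usual /etc/services numbers behind the names that -L prints without -n.
SERVICES = {"http": 80, "smtp": 25, "nfs": 2049, "x11": 6000, "xfs": 7100}

def port(tok):
    return SERVICES[tok] if tok in SERVICES else int(tok)

def parse(line):
    f = line.split()
    rule = {"target": f[0], "proto": f[1], "ports": (0, 65535), "flags": None, "reject": None}
    for i, tok in enumerate(f):
        if tok.startswith(("dpt:", "dpts:")):      # single port or low:high range
            parts = tok.split(":")[1:]
            rule["ports"] = (port(parts[0]), port(parts[-1]))
        elif tok.startswith("flags:"):             # flags:<mask>/<comp>
            mask, comp = tok[6:].split("/")
            rule["flags"] = (set(mask.split(",")), set(comp.split(",")))
        elif tok == "reject-with":                 # ICMP error returned to the sender
            rule["reject"] = f[i + 1]
    return rule

def matches(rule, proto, dport, flags):
    if rule["proto"] not in ("all", proto):
        return False
    lo, hi = rule["ports"]
    if not lo <= dport <= hi:
        return False
    if rule["flags"]:
        mask, comp = rule["flags"]
        # Only the flags named in mask are examined; of those, exactly comp must be set.
        return set(flags) & mask == comp
    return True

def verdict(proto, dport, flags=()):
    """First matching rule wins; otherwise the chain's policy ACCEPT applies."""
    for rule in map(parse, RULES.splitlines()):
        if matches(rule, proto, dport, flags):
            return rule["target"], rule["reject"]
    return "ACCEPT", None
```

A bare ACK segment to port 22 is not matched by the REJECT rule, so only new inbound connection attempts to ports 0-1023 are refused while packets of established connections fall through to the policy.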
 
  

