iptables question

Blackburn, Marvin mblackburn at glenraven.com
Tue Mar 17 14:51:09 UTC 2009


I did leave out the next-to-last line.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Also what does the [0:0] indicate?

Thanks for the great response.

_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George

I'm trying to get familiar with iptables.  I am making some progress,
but I'm trying to figure out what these lines mean in
/etc/sysconfig/iptables (especially the first 5).

This was generated on a rhel5 system using system-config-securitylevel

 

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
COMMIT
-------------------------------------------------------------------- 

The first line denotes which table (filter or nat) the following lines
apply to.

The next 3 lines are the default chains - these are the only ones that
can have default targets (the ACCEPT keyword on that line).

The 4th line is a custom chain - you can tell it's custom because a) it's
not one of the first 3, but also b) the default target is -.

The 5th line sends whatever hits it (in this case, everything) from the
INPUT chain to the custom chain.
The 6th line does the same thing with the FORWARD chain.
The 7th line accepts all traffic on the local loopback interface, then
sends everything else back to the originating chain.
The last line tells iptables to send the list of rules built to this
point back to kernelspace.

FYI, this iptables config won't stop anything - Since the default target
for the INPUT chain is ACCEPT, everything non-local will fall out of the
custom chain and be ACCEPTed.

Rob Marti


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
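As an added illustration of the chain-traversal explanation in the thread (this is example code written for this page, not anything from the thread, from RHEL or from the iptables project): a small Python simulator for the subset of iptables-save syntax that the posted file uses. It parses the *filter table, records the [packets:bytes] counters that follow each chain declaration (the [0:0] Marvin asks about is the chain's packet and byte counters, zero in a freshly generated file), and walks a packet through a builtin chain the way Rob describes it: a -j to a user-defined chain jumps into it, a user chain that ends without a verdict returns to the caller, and a builtin chain that ends without a verdict falls back to its policy. Running it on the config as posted and again with the REJECT line Marvin left out shows why the posted version accepts everything. The parser, the packet representation (a dict keyed by "in", "out" and "proto"), the sample eth0 packet and the restriction to -i, -o, -p and -j are all assumptions of this example.

```python
# Added example: a toy simulator for the iptables-save subset in the thread.
# Not iptables itself; it only understands -i, -o, -p and -j (an assumption).
import shlex

# Constructed input: the /etc/sysconfig/iptables file from the question.
POSTED_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
COMMIT
"""

# The same file with the next-to-last line Marvin says he left out.
WITH_REJECT = POSTED_RULES.replace(
    "COMMIT",
    "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\nCOMMIT",
)

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
OPT_KEYS = {"-i": "in", "-o": "out", "-p": "proto"}   # match options we support


def parse_filter_table(text):
    """Parse the *filter table of an iptables-save dump.

    Returns (policies, chains, counters):
      policies: chain name -> policy target ('-' for user-defined chains)
      chains:   chain name -> list of (match, target) rules in order
      counters: chain name -> (packets, bytes) from the [p:b] field
    """
    policies, chains, counters = {}, {}, {}
    in_filter = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # table header, e.g. *filter or *nat
            in_filter = line == "*filter"
            continue
        if not in_filter:
            continue
        if line == "COMMIT":                # end of this table's rules
            break
        if line.startswith(":"):            # chain declaration: :NAME POLICY [pkts:bytes]
            name, policy, ctr = line[1:].split()
            pkts, byts = ctr.strip("[]").split(":")
            policies[name], chains[name] = policy, []
            counters[name] = (int(pkts), int(byts))
            continue
        toks = shlex.split(line)
        if toks[0] != "-A":
            raise ValueError(f"unsupported line: {line}")
        chain, match, target, i = toks[1], {}, None, 2
        while i < len(toks):
            opt = toks[i]
            if opt in OPT_KEYS:             # interface / protocol match
                match[OPT_KEYS[opt]] = toks[i + 1]
            elif opt == "-j":
                target = toks[i + 1]
            elif opt == "--reject-with":    # REJECT option; irrelevant to the verdict
                pass
            else:
                raise ValueError(f"unsupported option {opt} in: {line}")
            i += 2
        chains.setdefault(chain, []).append((match, target))
    return policies, chains, counters


def verdict(text, chain, packet):
    """Trace a packet (dict with 'in', 'out', 'proto' keys) through a builtin
    chain and return the final target name.

    A rule whose -j names a user chain jumps into it; a user chain that ends
    without a terminal target returns to the caller, which continues with its
    next rule; a builtin chain that ends without a verdict uses its policy.
    """
    policies, chains, _ = parse_filter_table(text)

    def walk(name):
        for match, target in chains[name]:
            if not all(packet.get(k) == v for k, v in match.items()):
                continue
            if target in TERMINAL:
                return target
            if target == "RETURN":
                return None
            if target in chains:
                found = walk(target)        # jump; None means the chain fell through
                if found is not None:
                    return found
            else:
                raise ValueError(f"unknown target {target}")
        return None                         # implicit RETURN at end of chain

    result = walk(chain)
    return result if result is not None else policies[chain]


if __name__ == "__main__":
    for label, rules in (("as posted", POSTED_RULES), ("with REJECT", WITH_REJECT)):
        for pkt in ({"in": "lo"}, {"in": "eth0", "proto": "tcp"}):
            print(f"{label:12} INPUT {pkt}: {verdict(rules, 'INPUT', pkt)}")
```

With the file as posted, a packet arriving on eth0 misses the "-i lo" rule, drops off the end of RH-Firewall-1-INPUT, drops off the end of INPUT and gets the INPUT policy, ACCEPT. With the REJECT line restored, the same packet hits the catch-all REJECT inside the custom chain before the policy is ever consulted; the loopback packet still matches "-i lo" first and is accepted either way.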





