[CentOS] Default CentOS(Redhat) iptables, Secure?

Johnny Hughes mailing-lists at hughesjr.com
Wed Nov 30 12:27:20 UTC 2005


On Wed, 2005-11-30 at 21:16 +0900, Mark Sargent wrote:
> Hi All,
> 
> whilst not being an expert on iptables, the below output of iptables -L 
> seems too insecure to me. Does anyone agree? Perhaps I'm not 
> understanding it as well as I think I am? Please give your thoughts on 
> this. Cheers.
> 
> Mark  Sargent.
> 
> 
> [root at localhost racket]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt--  anywhere             anywhere
> ACCEPT     ipv6-auth--  anywhere             anywhere
> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> You have new mail in /var/spool/mail/root

Does it not block everything inbound except connections you initiate and
the couple things that they included by default?

ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere        anywhere
ACCEPT     ipv6-auth--  anywhere         anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
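As an added example (not part of the thread), a small Python script that parses an `iptables -L` listing of this shape, follows the INPUT chain's jump into RH-Firewall-1-INPUT, and reports what is accepted without a state match and whether the catch-all REJECT at the end is actually reached before anything falls through to the chain policy. The sample listing is the thread's own output, embedded here as constructed input.

```python
import re
# Constructed input: the INPUT and RH-Firewall-1-INPUT chains as listed in the thread.
LISTING = """\
Chain INPUT (policy ACCEPT)
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain RH-Firewall-1-INPUT (2 references)
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")
RULE_RE = re.compile(r"^(\S+)\s+(\S+?)\s*--\s+(\S+)\s+(\S+)\s*(.*)$")  # 'ipv6-auth--' has no space
def parse(listing):
    """Return {chain: (policy or None, [(target, prot, src, dst, extra), ...])}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            cur = m.group(1)
            chains[cur] = (m.group(2), [])
        elif cur and (r := RULE_RE.match(line)):
            chains[cur][1].append(r.groups())
    return chains

def walk(chains, chain):
    """Return (accepts without a state match, stateful accepts, terminated by a catch-all)."""
    opens, stateful = [], []
    for target, prot, src, dst, extra in chains[chain][1]:
        if target in chains:                                   # jump into a user-defined chain
            o, s, done = walk(chains, target)
            opens, stateful = opens + o, stateful + s
            if done: return opens, stateful, True
        elif target == "ACCEPT":
            (stateful if "state " in extra else opens).append(f"{prot} {src}->{dst} {extra}".strip())
        elif target in ("REJECT", "DROP") and (prot, src, dst) == ("all", "anywhere", "anywhere") and (not extra or extra.startswith("reject-with")):
            return opens, stateful, True                       # nothing below this rule is reachable
    return opens, stateful, False

def inbound_summary(listing, chain="INPUT"):
    """What the host accepts from the network, and what happens to everything else."""
    chains = parse(listing)
    opens, stateful, done = walk(chains, chain)
    remainder = "rejected by catch-all rule" if done else f"falls through to policy {chains[chain][0]}"
    return {"open": opens, "stateful": stateful, "remainder": remainder}
```

`iptables -L` without `-v` hides interface matches, so the first `ACCEPT all` rule shows up here as wide open; in the stock CentOS ruleset that line is the loopback (`-i lo`) accept, so confirm with `iptables -L -v -n` or /etc/sysconfig/iptables before reading it as an exposure.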