[CentOS] Standard RH iptables analysis

Al Sparks data345 at yahoo.com
Thu Jun 7 00:40:38 UTC 2007


This is a standard RedHat / CentOS firewall configuration, where I
told it, through the standard RH setup GUI, that I want ssh and
snmp allowed through.

  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         
  RH-Firewall-1-INPUT  all  --  anywhere             anywhere            
  
  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination         
  RH-Firewall-1-INPUT  all  --  anywhere             anywhere            
  
  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination         
  
  Chain RH-Firewall-1-INPUT (2 references)
  target     prot opt source               destination         
  ACCEPT     all  --  anywhere             anywhere            
  ACCEPT     icmp --  anywhere             anywhere            icmp any 
  ACCEPT     ipv6-crypt--  anywhere             anywhere            
  ACCEPT     ipv6-auth--  anywhere             anywhere            
  ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353 
  ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
  ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
  ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:snmp 
  ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
  REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

The way I read this, though, the first rule in the RH-Firewall-1-INPUT
chain applies to all packets coming in, which it accepts.  That's all
protocols from "anywhere" going to "anywhere".

So shouldn't the packet no longer be evaluated past that rule?

I know that when I have this enabled, it's stopping packets.  So I'm
reading this wrong.  What am I getting wrong?

   === Al






More information about the CentOS mailing list