[CentOS] Understanding iptables

MHR mhullrich at gmail.com
Thu Jul 10 22:08:39 UTC 2008


In following up on the rsh "problem" I was having earlier, I decided
to try out the suggestion Felipe sent about using
system-config-securitylevel-tui to open up ports 513 and 514, but that
doesn't seem to do the job, either.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:login
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:shell
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:telnet
REJECT     all  --  anywhere             anywhere
reject-with icmp-host-prohibited

Shouldn't this work given the login and shell lines above?  Or do they
need to come before the ESTABLISHED line, too?

Thanks.

mhr



More information about the CentOS mailing list