On Thursday 10 July 2008 22:49, Filipe Brandenburger wrote:
Could you post /etc/sysconfig/iptables?
/etc/sysconfig/iptables doesn't necessarily reflect what is running right now, and you can't include the counters with it.
I'm not interested in the counters I want to see how the rules are applied. Are you telling me that the GUI tool he is using to write the rules doesn't write them to the iptables file when he exits the program?
An acceptable compromise would be posting the output of the "iptables-save -c" command, which doesn't have the two issues above.
However, I still think that anyone handling firewalls on Linux using iptables should be familiar with the output of "iptables -nvL" which IMO is quite useful itself.
I handle firewall rules quite nicely, thank you.
Since you are in the mood to tell me I should know how to read this output, please tell me what this means:
[snip]
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
[/snip]
What are we accepting here? All packets? If this is the case then there is no need for the rest of the rules in this chain.
Oh, by the way I prefer to use
iptables -L -v -n | less -SCi
I also prefer not to write any rules in the FORWARDing chain except the rules that JUMP to predefined chains LAN or WAN. This makes it easier to read the rules and know what applies to what interface at a glance, and also makes it easier to add rules or remove them in the order you want.
Again this is all personal preference.
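As an added example (not code from the thread, from Red Hat, or from the iptables project), the script below parses a ruleset in iptables-save format and prints the same chain two ways: the columns `iptables -L` shows (target, prot, opt, source, destination) and the extra in/out interface and match columns that `-v` adds. The point it illustrates is that `-L` without `-v` prints no interface or match-extension information at all, so a rule restricted to the loopback interface with `-i lo` and a rule that accepts every packet both come out as "ACCEPT all -- anywhere anywhere". The ruleset is constructed: it resembles a stock RH-Firewall-1-INPUT chain but is an assumption, not the poster's actual rules, and it deliberately includes one unrestricted ACCEPT so the dead-rule check has something to report. The check generalizes the observation in the thread: any unrestricted terminating rule makes everything after it in that chain unreachable.

```python
"""Show what `iptables -L` hides compared with `iptables -vL`, and find rules
that can never fire. Added example; the ruleset below is constructed."""

# Constructed sample in iptables-save format (assumption: a stock-looking
# RH-Firewall-1-INPUT chain with one deliberately unrestricted ACCEPT added).
SAMPLE_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

ANY_ADDR = "0.0.0.0/0"
_FIELD = {"-j": "target", "-p": "proto", "-i": "in", "-o": "out",
          "-s": "src", "-d": "dst"}


def parse_rules(save_text):
    """One dict per '-A' line with the fields that decide what the rule matches."""
    rules = []
    for line in save_text.splitlines():
        if not line.startswith("-A "):
            continue
        argv = line.split()[1:]
        rule = {"chain": argv[0], "target": None, "proto": "all", "in": "*",
                "out": "*", "src": ANY_ADDR, "dst": ANY_ADDR,
                "matches": [], "extra": []}
        i = 1
        while i < len(argv):
            tok = argv[i]
            nxt = argv[i + 1] if i + 1 < len(argv) else None
            if tok in _FIELD:
                rule[_FIELD[tok]] = nxt
                i += 2
            elif tok == "-m":                       # match extension, e.g. -m state
                rule["matches"].append(nxt)
                i += 2
            elif tok.startswith("--") and nxt and not nxt.startswith("-"):
                rule["extra"].append(tok + " " + nxt)  # option with value, e.g. --dport 22
                i += 2
            else:
                rule["extra"].append(tok)           # bare flag such as --syn
                i += 1
        rules.append(rule)
    return rules


def _name(addr):
    return "anywhere" if addr == ANY_ADDR else addr


def terse_view(rule):
    """Columns `iptables -L` prints: interfaces and matches are absent."""
    return "%-10s %-4s --  %-20s %s" % (rule["target"], rule["proto"],
                                        _name(rule["src"]), _name(rule["dst"]))


def verbose_view(rule):
    """Roughly what `iptables -vL` adds: in/out interface columns plus matches."""
    detail = " ".join(rule["matches"] + rule["extra"])
    return "%-10s %-4s --  %-6s %-6s %-20s %-20s %s" % (
        rule["target"], rule["proto"], rule["in"], rule["out"],
        _name(rule["src"]), _name(rule["dst"]), detail)


def is_unrestricted(rule):
    """True if the rule matches every packet that reaches its chain."""
    return (rule["proto"] == "all" and rule["in"] == "*" and rule["out"] == "*"
            and rule["src"] == ANY_ADDR and rule["dst"] == ANY_ADDR
            and not rule["matches"])


def dead_rules(rules, chain):
    """Rules in `chain` after the first unrestricted terminating rule; they never fire."""
    dead, terminated = [], False
    for r in rules:
        if r["chain"] != chain:
            continue
        if terminated:
            dead.append(r)
        elif r["target"] in ("ACCEPT", "DROP", "REJECT") and is_unrestricted(r):
            terminated = True
    return dead


if __name__ == "__main__":
    chain = "RH-Firewall-1-INPUT"
    rules = [r for r in parse_rules(SAMPLE_SAVE) if r["chain"] == chain]
    for r in rules:
        print("-L : " + terse_view(r))
        print("-vL: " + verbose_view(r))
    print("never reached:", [verbose_view(r) for r in dead_rules(rules, chain)])
```

Run it and the first and fifth rules of the chain print identically in the `-L` view, while the `-vL` view shows that only the fifth one is truly unrestricted; the REJECT that follows it is reported as unreachable. On a live box the equivalent evidence comes from `iptables -nvL` or `iptables-save -c`, which also carry the per-rule counters.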