[CentOS] Standard RH iptables analysis
Jay Leafey
jay.leafey at mindless.com
Thu Jun 7 01:31:54 UTC 2007
Al Sparks wrote:
>
> I found the answer to my own question. The above output is from a
> # iptables -L
>
> But I looked at the /etc/sysconfig/iptables file and:
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> The first RH-Firewall-1-INPUT only applies to "-i lo" or the loopback interface.
>
> Strangely enough, that's not reflected in the
> # iptables -L
> output.
Try 'iptables -L -v', it shows a bit more information... like the
interface a rule applies to, if any.
--
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
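
The point made in this exchange, as an added example that is not part of either message: plain `iptables -L` omits the interface match that `iptables -L -v` shows in its in/out columns, so a rule such as `-i lo -j ACCEPT` reads as if it accepted everything. The sketch below scans saved rules for such entries; the function names are hypothetical, and it assumes the `-A` line format of /etc/sysconfig/iptables with target options written after `-j`.

```python
import shlex

# Rules as quoted in the message above (/etc/sysconfig/iptables form), shortened.
SAMPLE_RULES = """\
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Matches that plain `iptables -L` leaves out; `-L -v` adds them as in/out columns.
HIDDEN_OPTS = {"-i": "in", "--in-interface": "in",
               "-o": "out", "--out-interface": "out"}

def parse_rule(line):
    """Split one '-A <chain> ...' line into chain, target, hidden and visible matches."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # table header, chain policy, COMMIT, blank line
    rule = {"chain": tokens[1], "target": None, "hidden": {}, "visible": []}
    rest, bang = iter(tokens[2:]), ""
    for opt in rest:
        if opt == "!":  # newer "! -i eth0" spelling
            bang = "!"
        elif opt in HIDDEN_OPTS:
            value = next(rest, "")
            if value == "!":  # older "-i ! eth0" spelling
                value = "!" + next(rest, "")
            rule["hidden"][HIDDEN_OPTS[opt]] = bang + value
            bang = ""
        elif opt in ("-j", "--jump", "-g", "--goto"):
            rule["target"] = next(rest, None)
            break  # whatever follows is a target option, not a match
        else:
            rule["visible"].append(bang + opt)
            bang = ""
    return rule

def interface_rules(text):
    """Return (rule, looks_unconditional) for every rule that matches on an interface."""
    parsed = (parse_rule(line) for line in text.splitlines())
    # With no other match, plain -L shows such a rule as all / anywhere / anywhere.
    return [(r, not r["visible"]) for r in parsed if r and r["hidden"]]

if __name__ == "__main__":
    for rule, bare in interface_rules(SAMPLE_RULES):
        note = "looks unconditional in plain -L" if bare else "interface not shown in plain -L"
        print(rule["chain"], rule["target"], rule["hidden"], "->", note)
```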