[CentOS] Standard RH iptables analysis

Thu Jun 7 01:31:54 UTC 2007
Jay Leafey <jay.leafey at mindless.com>

Al Sparks wrote:
> 
> I found the answer to my own question.  The above output is from a
>    # iptables -L
> 
> But I looked at the /etc/sysconfig/iptables file and:
>    -A FORWARD -j RH-Firewall-1-INPUT
>    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
>    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
>    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
>    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
>    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT
>    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
>    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
>    COMMIT
> 
> The first RH-Firewall-1-INPUT only applies to "-i lo" or the loopback interface.
> 
> Strangely enough, that's not reflected in the 
>    # iptables -L
> output.

Try 'iptables -L -v', it shows a bit more information... like the 
interface a rule applies to, if any.

-- 
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
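
As an added illustration (not part of the original thread): this script reads rules in the /etc/sysconfig/iptables format and lists those restricted by interface, marking the ones whose only match is the interface. Plain `iptables -L` prints no interface columns, so such a rule looks as if it matches all traffic. The function names and the sample (a subset of the rules quoted above) are constructed for this example.

```shell
#!/bin/sh
# Constructed sample: a subset of the rules quoted in the thread,
# in /etc/sysconfig/iptables (iptables-save) format.
sample_rules() {
cat <<'EOF'
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Hypothetical helper: read rules on stdin and print one line per
# interface match: "chain in|out interface target note".
# note is "iface-only" when the interface is the rule's only match,
# i.e. the rule that looks unconditional in 'iptables -L' without -v.
iface_rules() {
    awk '
    $1 == "-A" {
        chain = $2; target = "-"; n = 0; others = 0; neg = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = "!"; continue }      # "! -i lo" form
            if ($i == "-i" || $i == "--in-interface" ||
                $i == "-o" || $i == "--out-interface") {
                dir[++n] = ($i == "-i" || $i == "--in-interface") ? "in" : "out"
                if ($(i + 1) == "!") { neg = "!"; i++ } # older "-i ! lo" form
                ifn[n] = neg $(i + 1); i++
            } else if ($i == "-j" || $i == "--jump") {
                target = $(i + 1); break                # rest is target options
            } else {
                others++                                # any other match token
            }
            neg = ""
        }
        for (k = 1; k <= n; k++)
            printf "%s %s %s %s %s\n", chain, dir[k], ifn[k], target,
                   (others ? "plus-other-matches" : "iface-only")
    }'
}

# On a live system, feed it the real file instead:
#   iface_rules < /etc/sysconfig/iptables
sample_rules | iface_rules
```
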