[CentOS] Understanding iptables
mlists at zoominternet.net
Sat Jul 12 01:09:39 UTC 2008
On Thursday 10 July 2008 22:49, Filipe Brandenburger wrote:
> > Could you post /etc/sysconfig/iptables?
> /etc/sysconfig/iptables doesn't necessarily reflect what is running
> right now, and you can't include the counters with it.
I'm not interested in the counters; I want to see how the rules are applied.
Are you telling me that the GUI tool he is using to write the rules doesn't
write them to the iptables file when he exits the program?
> An acceptable compromise would be posting the output of the
> "iptables-save -c" command, which doesn't have the two issues above.
> However, I still think that anyone handling firewalls on Linux using
> iptables should be familiar with the output of "iptables -nvL" which
> IMO is quite useful itself.
I handle firewall rules quite nicely, thank you.
Since you are in the mood to tell me I should know how to read this output,
please tell me what this means:
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
What are we accepting here? All packets? If this is the case then there is
no need for the rest of the rules in this chain.
Oh, by the way I prefer to use
iptables -L -v -n | less -SCi
I also prefer not to write any rules in the FORWARDing chain except the rules
that JUMP to predefined chains LAN or WAN. This makes it easier to read the rules
and know what applies to which interface at a glance, and it also makes it easier to
add rules or remove them in the order you want.
Again this is all personal preference.
Smile... it increases your face value!
Linux User #296285