[CentOS] iptables default configuration

Carlos Santana neubyr at gmail.com
Tue Jan 19 14:46:38 UTC 2010


On Tue, Jan 19, 2010 at 1:01 AM, Ian Blackwell <ian at ikel.id.au> wrote:
> Rob Kampen wrote:
>> Carlos Santana wrote:
>>> - What does the 'RH-Firewall-1-INPUT' chain mean? This also seems to be a
>>> predefined chain, although not mentioned in the wiki.
>>> - The wiki page approach is to flush existing rules and then add
>>> required rules to iptables. Is it possible to add/append required
>>> rules without flushing existing set of rules? Not sure, but I think
>>> this is where 'RH-Firewall-1-INPUT' chain comes into picture (user
>>> defined rules).
>>>
>>> Any explanation or resource link on this would be really helpful.
>>>
>>>
>> Try using webmin - there are rpms available for it and the interface
>> helps deal with the cryptic items that make up an iptables filter.
>> The reason for the RH-Firewall-1-INPUT chain is that you can use the
>> same rule set for multiple items - i.e. both input and forward.
> I also find it useful to create different chains for different network
> traffic.  For example, I have a chain that allows all web access - ports
> 80, 443, 8080 etc.  I have a different chain for file-share access -
> e.g. NFS and Samba.  This way, I can watch what is happening with those
> chains specifically, without wading through the significant output of
> the command "iptables -nvL".
>
> By using different chains, I can issue a command like "watch -d iptables
> -nvL CentOS-MAIL" to monitor network traffic on related ports.  This has
> helped me many times in the past to see where network traffic is being
> blocked or given access.
>
> Just my 2c worth :)
>
> Ian
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Thanks for the help everyone.

@ Ian: Could you please share an example on how to define chains and
reuse them?
That would be really helpful.

-
CS.
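An added example of the pattern Ian describes (this is not Ian's or the thread's own ruleset): a small POSIX shell script that builds an iptables-restore file in which each service gets its own user-defined chain, and the same chains are then jumped to from both INPUT and FORWARD, so one rule set serves both paths. The chain names CentOS-WEB and CentOS-FILES, the port lists, and the DROP default policies are constructed for this example; NFS and Samba also need UDP and portmapper ports that are left out here for brevity.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Builds an iptables-restore ruleset with per-service chains that are
# reused from INPUT and FORWARD. Chain names and ports are constructed.

# Emit the rules for one user-defined chain.
# $1 = chain name, remaining args = TCP ports to accept new connections on.
# The chain ends with RETURN, so unmatched traffic falls back to the
# caller (INPUT or FORWARD) and ultimately to that chain's default policy.
service_chain() {
    chain=$1; shift
    for port in "$@"; do
        echo "-A $chain -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "-A $chain -j RETURN"
}

# Emit the complete filter table in iptables-restore format.
# All chains are declared (":NAME POLICY [pkts:bytes]") before any rule
# references them; user-defined chains use "-" as their policy.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:CentOS-WEB - [0:0]
:CentOS-FILES - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # Same service chains hooked into both INPUT and FORWARD.
    for chain in CentOS-WEB CentOS-FILES; do
        echo "-A INPUT -j $chain"
        echo "-A FORWARD -j $chain"
    done
    service_chain CentOS-WEB 80 443 8080       # constructed port list
    service_chain CentOS-FILES 2049 139 445    # NFS + Samba TCP ports only
    # Log what is about to be dropped by the INPUT default policy.
    echo "-A INPUT -j LOG --log-prefix \"INPUT-DROP: \" --log-level 4"
    echo "COMMIT"
}

# Sanity check helpers: how many rules jump to a chain, and how many
# ACCEPT rules a chain carries. Used before loading the ruleset.
count_refs()    { build_ruleset | grep -c -- "-j $1"; }
count_accepts() { build_ruleset | grep -c "^-A $1 .*-j ACCEPT"; }

# Write the ruleset to a file; load it with: iptables-restore < /tmp/ruleset.v4
build_ruleset > /tmp/ruleset.v4
```

After loading, each chain can be watched on its own, as in the thread: `watch -d iptables -nvL CentOS-WEB` shows only the counters for web traffic, and a rule whose counters never move is the usual sign that traffic is being dropped somewhere earlier in INPUT. Because the chains return rather than drop, the single LOG rule at the end of INPUT is the one place to look for rejected packets.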


