Rob Kampen wrote:
> Carlos Santana wrote:
>> - What does the 'RH-Firewall-1-INPUT' chain mean? This also seems to be a
>> predefined chain, although not mentioned in the wiki.
>> - The wiki page approach is to flush existing rules and then add
>> required rules to iptables. Is it possible to add/append required
>> rules without flushing the existing set of rules? Not sure, but I think
>> this is where the 'RH-Firewall-1-INPUT' chain comes into the picture (user
>> defined rules).
>>
>> Any explanation or resource link on this would be really helpful.
>>
>>
> Try using webmin - there are rpms available for it and the interface
> helps deal with the cryptic items that make up an iptables filter.
> The reason for the RH-Firewall-1-INPUT chain is that you can use the
> same rule set for multiple items - i.e. both input and forward.

I also find it useful to create different chains for different network
traffic. For example, I have a chain that allows all web access - ports 80,
443, 8080 etc. I have a different chain for file-share access - e.g. NFS and
Samba.

This way, I can watch what is happening with those chains specifically,
without wading through the significant output of the command "iptables -nvL".
By using different chains, I can issue a command like "watch -d iptables -nvL
CentOS-MAIL" to monitor network traffic on related ports. This has helped me
many times in the past to see where network traffic is being blocked or given
access.

Just my 2c worth :)

Ian
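The per-purpose chains Ian describes, written out as an added example (this is not code from the thread or from the CentOS wiki). The chain names CentOS-WEB and CentOS-FILES, the port lists, and the IPT variable used for a dry run are assumptions for illustration; the script only touches the kernel when invoked with the argument `apply` as root.

```shell
#!/bin/sh
# Added example, not code from the thread: build one user-defined chain per
# traffic class so that "watch -d iptables -nvL CentOS-WEB" shows only the
# counters for that class instead of the whole INPUT listing.
# Chain names, ports and the IPT override are assumptions for illustration.

# IPT defaults to the real binary; IPT=echo gives a dry run that only prints
# the commands, which is how the example can be exercised unprivileged.
IPT="${IPT:-iptables}"

# Emit, one per line, the iptables arguments that create a chain, accept the
# given ports in it, and hook it into INPUT for new connections.
# Usage: chain_rules CHAIN PROTO PORT...
chain_rules() {
    chain=$1
    proto=$2
    shift 2
    ports=$(IFS=,; echo "$*")            # "80 443 8080" -> "80,443,8080"

    echo "-N $chain"                      # note: -N fails if the chain exists
    for port in "$@"; do
        echo "-A $chain -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    # Traffic the chain does not accept returns to INPUT, where the general
    # policy (or a later rule) decides; the chain itself never drops.
    echo "-A $chain -j RETURN"
    # One jump from INPUT per chain. -A appends, so existing INPUT rules are
    # kept rather than flushed; use -I to put the jump ahead of them instead.
    echo "-A INPUT -p $proto -m multiport --dports $ports -j $chain"
}

# Run every rule line produced by chain_rules through $IPT.
apply_chain() {
    chain_rules "$@" | while IFS= read -r args; do
        # word splitting of $args into separate arguments is intended here
        $IPT $args
    done
}

# Live view of one chain's packet/byte counters, as in Ian's message.
watch_chain() {
    watch -d "$IPT -nvL $1"
}

# Reset one chain's counters so a fresh test is easy to read.
zero_chain() {
    $IPT -Z "$1"
}

if [ "${1:-}" = apply ]; then
    apply_chain CentOS-WEB   tcp 80 443 8080
    apply_chain CentOS-FILES tcp 139 445 2049   # Samba and NFS over TCP only
fi
```

Run `IPT=echo sh chains.sh apply` first to see the exact rules; then `sh chains.sh apply` as root, `watch_chain CentOS-WEB` while fetching a page, and `zero_chain CentOS-WEB` before the next test. Rules already in INPUT ahead of the jump are matched first, so a connection that never reaches the chain shows no change in its counters, which is itself the diagnostic Ian is using. Re-running the script against existing chains fails at `-N`; flush and delete them (`-F CentOS-WEB`, then the INPUT jump, then `-X CentOS-WEB`) or check `iptables -nL CentOS-WEB` before creating.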