On Tue, Jan 19, 2010 at 1:01 AM, Ian Blackwell <ian at ikel.id.au> wrote:
> Rob Kampen wrote:
>> Carlos Santana wrote:
>>> - What does the 'RH-Firewall-1-INPUT' chain mean? This also seems to be a
>>> predefined chain, although not mentioned in the wiki.
>>> - The wiki page approach is to flush existing rules and then add the
>>> required rules to iptables. Is it possible to add/append the required
>>> rules without flushing the existing set of rules? Not sure, but I think
>>> this is where the 'RH-Firewall-1-INPUT' chain comes into the picture (user
>>> defined rules).
>>>
>>> Any explanation or resource link on this would be really helpful.
>>>
>> Try using webmin - there are rpms available for it and the interface
>> helps deal with the cryptic items that make up an iptables filter.
>> The reason for the RH-Firewall-1-INPUT chain is that you can use the
>> same rule set for multiple items - i.e. both input and forward.
> I also find it useful to create different chains for different network
> traffic. For example, I have a chain that allows all web access - ports
> 80, 443, 8080 etc. I have a different chain for file-share access -
> e.g. NFS and Samba. This way, I can watch what is happening with those
> chains specifically, without wading through the significant output of
> the command "iptables -nvL".
>
> By using different chains, I can issue a command like "watch -d iptables
> -nvL CentOS-MAIL" to monitor network traffic on related ports. This has
> helped me many times in the past to see where network traffic is being
> blocked or given access.
>
> Just my 2c worth :)
>
> Ian
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Thanks for the help everyone.

@ Ian: Could you please share an example on how to define chains and reuse them? That would be really helpful.

- CS.
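An added example (not posted by anyone in this thread) of what CS asks for: an iptables-restore ruleset that defines per-service chains once and jumps to them from both INPUT and FORWARD, the reuse Rob describes for RH-Firewall-1-INPUT and the per-traffic chains Ian describes. The chain names CENTOS-WEB and CENTOS-FILESHARE, the port lists and the 192.0.2.0/24 LAN prefix are assumptions chosen for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset on stdout. On a real host, check it with
# 'iptables-restore --test < rules' and load it with 'iptables-restore < rules'.
# Chain names, ports and the LAN prefix below are illustrative assumptions.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:CENTOS-WEB - [0:0]
:CENTOS-FILESHARE - [0:0]
# Packets of already-accepted sessions never need to visit the service chains
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# The same user chains serve local (INPUT) and routed (FORWARD) traffic
-A INPUT -j CENTOS-WEB
-A INPUT -j CENTOS-FILESHARE
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j CENTOS-WEB
-A FORWARD -j CENTOS-FILESHARE
# Web chain: accept only the listed ports; anything else RETURNs to the
# calling chain, whose DROP policy then applies
-A CENTOS-WEB -p tcp -m state --state NEW -m multiport --dports 80,443,8080 -j ACCEPT
-A CENTOS-WEB -j RETURN
# File-share chain (NFS and Samba) restricted to the LAN; 192.0.2.0/24 is a placeholder
-A CENTOS-FILESHARE -s 192.0.2.0/24 -p tcp -m state --state NEW -m multiport --dports 139,445,2049 -j ACCEPT
-A CENTOS-FILESHARE -s 192.0.2.0/24 -p udp -m multiport --dports 137,138,2049 -j ACCEPT
-A CENTOS-FILESHARE -j RETURN
COMMIT
EOF
}

# Count the built-in chains that jump to a given user chain. Because both INPUT
# and FORWARD jump there, 'watch -d iptables -nvL CENTOS-WEB' shows hits from both.
count_jumps() {
    build_ruleset | grep -c -- "-j $1\$"
}
```

Appending a rule to an existing chain later is just `iptables -A CENTOS-WEB ...` (or `-I` to insert at the top); nothing needs to be flushed.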