IPTABLES doesn't work

Michael Kearey mutk at iprimus.com.au
Fri Jan 30 02:41:42 UTC 2004


smoothmilk wrote:
> Why doesn't redhat-config-securitylevel's iptables rules work?
> 
> If I turn off EVERYTHING (www, ftp, ssh, etc) and save, and even
> manually restart iptables (# /sbin/service iptables restart) other
> computers on my network can access www (even on weird, non-standard
> ports with http servers on them) ftp, ssh, etc. 

This is where it gets a little odd for me. 'Other computers on my 
network can access www'. What are these other computers? Unless they 
gain access to the Internet *through* your Fedora machine, the Fedora 
machine's firewall has NOTHING to do with those machines.

The current redhat-config-securitylevel tool works on rules that 
control access to services running on the Fedora box, and cannot 
influence any other machine attached to the same network accessing 
other machines on that network.

> 
> So what's the point of even including that tool if it doesn't do
> anything? I don't understand how it just flat out doesn't work. I have no
> idea how iptables works, and because there's no documentation out there
> for beginners who just want a script that's for eth0 with a simple www,
> ssh and ftp server(s), I'm stuck using rh's tools, which don't do
> anything. There's no security here. 

I can help. I suggest you go and seek the most basic understanding of 
the nature of tcp/ip and ethernet networks, and have a good think 
about it.

The redhat-config-securitylevel tool does pretty much exactly what it 
is designed to do - Set up iptables rules to assist in controlling 
access to services running on the host machine.

Cheers,
Michael
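
An added example, not part of the original message: a small Python model of which netfilter filter chain, if any, a packet traverses on the firewalled host, illustrating the scope described in the reply above. The addresses, the rule set and the `routed_via_host` flag are constructed assumptions, not the rules redhat-config-securitylevel actually writes.

```python
import ipaddress

# All addresses and rules below are constructed for illustration.
HOST_ADDRS = {ipaddress.ip_address("192.168.1.10")}  # the firewalled host

# Constructed filter table: INPUT keeps only reply traffic, FORWARD is empty.
RULES = {
    "INPUT": [
        {"state": "ESTABLISHED", "target": "ACCEPT"},
        {"target": "REJECT"},
    ],
    "FORWARD": [],
}
POLICY = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT"}


def chain_for(dst, routed_via_host):
    """Pick the filter chain an arriving packet traverses on the host.

    Returns None when the packet never reaches the host's netfilter at all
    (two other machines talking to each other directly).
    """
    if ipaddress.ip_address(dst) in HOST_ADDRS:
        return "INPUT"
    return "FORWARD" if routed_via_host else None


def verdict(dst, dport, state="NEW", routed_via_host=False):
    """Return (chain, target) for a TCP packet, using first-match semantics."""
    chain = chain_for(dst, routed_via_host)
    if chain is None:
        return (None, None)
    pkt = {"dport": dport, "state": state}
    for rule in RULES[chain]:
        # A rule matches when every criterion it names equals the packet's value.
        if all(pkt[k] == v for k, v in rule.items() if k != "target"):
            return (chain, rule["target"])
    return (chain, POLICY[chain])


if __name__ == "__main__":
    print(verdict("192.168.1.10", 80))   # service on the host itself
    print(verdict("192.168.1.20", 80))   # another LAN machine, direct
    print(verdict("203.0.113.5", 80, routed_via_host=True))  # host acts as router
```

Only the first case is decided by the INPUT rules; the second never reaches the host, and the third is decided by FORWARD.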




