[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Help an IPTABLES neophyte please



Question for clarification on
REDHAT iptables vs iptables

It seems that there is something that translates an
"abbreviated" iptables command-line and processes it.

Why? The command-line differences seem trivial.
eg.
> iptables -A INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

Where is this process for "abbreviation/translation/processing" documented?
I can read the iptables docs but I can not find docs or rationale
on this.

Using the normal iptables allows you to embed sh commands in the
stream, but I can't do that because of the "translation".

I have looked at the iptables package and the securitylevel but
I can't find it.

I don't want to disable SELinux, but I would like to look at
disabling this translation.


Here is the beginning of the Red Hat iptables file that Red Hat
installs at start-up:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

////////////////////////////////////////////

Here is a sample of your code:
> Dang, change jobs?  Nerd.com now? LOL
>
> Here's the script I use to set the firewall.  IPs have been modified to
> protect the innocent
>
> #Clean out the IP Tables
> iptables -F
> iptables -X
>
> #setup default filter policy
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> #Allow unlimited traffic on loopback
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT


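Editor's note, added to this thread and not written by either correspondent: the file above is not a shell script and nothing "translates" typed commands into it. system-config-securitylevel writes /etc/sysconfig/iptables in the format produced by iptables-save, and the iptables init script feeds that file to iptables-restore at boot. A line such as `:RH-Firewall-1-INPUT - [0:0]` declares a user-defined chain (the `-` means no policy, since only built-in chains have one), `:INPUT ACCEPT [0:0]` sets a built-in chain's policy, and every `-A ...` line is the same rule argument list you would pass to the iptables command. That is also why sh commands cannot be embedded there: iptables-restore reads rules, not shell. The POSIX sh below, with the sample rule set taken from the post, expands each saved-format line into the full iptables command it is equivalent to, so you can see there is no abbreviation, just a different chain name. The function name `restore_to_commands` is mine.

```shell
#!/bin/sh
# Sample input: the saved rule set quoted in the post, in iptables-save format.
SAMPLE_RULES='# Firewall configuration written by system-config-securitylevel
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
COMMIT'

# restore_to_commands: read iptables-save format on stdin and print, one per
# line, the equivalent full iptables command.  Packet/byte counters in [..]
# are dropped; iptables-restore ignores them too unless told otherwise.
restore_to_commands() {
  table=filter                                  # iptables-save always names the table, but default anyway
  while IFS= read -r line; do
    case "$line" in
      ''|'#'*)                                  # blank line or comment
        ;;
      '*'*)                                     # "*filter": start of a table
        table=${line#\*}
        ;;
      ':'*)                                     # ":CHAIN POLICY [pkts:bytes]"
        rest=${line#:}
        chain=${rest%% *}
        policy=${rest#* }
        policy=${policy%% *}
        if [ "$policy" = "-" ]; then
          echo "iptables -t $table -N $chain"   # user-defined chain: create it
        else
          echo "iptables -t $table -P $chain $policy"  # built-in chain: set policy
        fi
        ;;
      COMMIT)                                   # end of table; iptables-restore applies it here
        ;;
      *)                                        # "-A CHAIN ..." etc. is already an iptables argument list
        echo "iptables -t $table $line"
        ;;
    esac
  done
}

# Stand-alone run: show the expanded commands for the sample rule set.
printf '%s\n' "$SAMPLE_RULES" | restore_to_commands
```

Run as root, `restore_to_commands < /etc/sysconfig/iptables | sh` would load the same rules the init script loads with `iptables-restore < /etc/sysconfig/iptables`, minus the atomic commit. Note the saved file's `-A RH-Firewall-1-INPUT -i lo -j ACCEPT` and the script's `iptables -A INPUT -i lo -j ACCEPT` are both plain appends; they only differ in which chain receives the rule, because system-config-securitylevel sends INPUT and FORWARD traffic through its own chain first.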