Help an IPTABLES neophyte please
Paul Campbell
pwc at u.washington.edu
Fri May 9 21:48:34 UTC 2008
Question for clarification on
REDHAT iptables vs iptables
It seems that there is something that translates an
"abbreviated" iptables command-line and processes it.
WHY ? The cmd line differences seem trivial.
e.g.
> iptables -A INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
Where is this process for "abbreviation/translation/processing" documented?
I can read the iptables docs but I can not find docs or rationale
on this.
Using the normal iptables, allows you to embed sh commands in the
stream but I can't do that because of the "translation".
I have looked at the iptables package and the securitylevel but
I can't find it.
I don't want to disable SELINUX but I would like to look at
disabling this translation.
Here is the beginning of the REDHAT iptables RedHat
installs at start-up:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
////////////////////////////////////////////
Here is a sample of your code:
> Dang, change jobs? Nerd.com now? LOL
>
> Here's the script I use to set the firewall. IP's have been modified to
> protect the innocent
>
> #Clean out the IP Tables
> iptables -F
> iptables -X
>
> #setup default filter policy
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> #Allow unlimited traffic on loopback
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
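An added example in Python, not from this post or from Red Hat's tooling: it parses an iptables-save style dump like the /etc/sysconfig/iptables excerpt quoted above (constructed here, with one extra REJECT rule appended to the custom chain as an assumption) and follows the `-j` jump from the built-in INPUT chain into the user-defined RH-Firewall-1-INPUT chain, listing the rules a packet arriving on INPUT actually traverses and the policy it falls through to.

```python
"""Resolve which rules a packet entering a built-in chain traverses in an
iptables-save dump, following jumps into user-defined chains."""
import shlex

# Constructed from the excerpt quoted in the post, plus one assumed
# trailing REJECT rule so the jump-and-return path has a terminal target.
SAMPLE_DUMP = """\
# Firewall configuration written by system-config-securitylevel
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_filter_table(dump):
    """Return (policies, chains): default policy of each built-in chain and
    the ordered rules (token lists) of every chain in the *filter table."""
    policies, chains = {}, {}
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "*", "COMMIT")):
            continue
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = []
            if policy != "-":            # "-" marks a user-defined chain
                policies[name] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)[1:]   # drop "-A"; tokens[0] is the chain
            chains[tokens[0]].append(tokens[1:])
    return policies, chains

def effective_rules(chains, chain, seen=()):
    """Flatten the path a packet entering `chain` walks: a -j into a
    user-defined chain is expanded in place; anything else is kept as-is."""
    if chain in seen:
        raise ValueError(f"chain loop via {chain}")
    out = []
    for rule in chains[chain]:
        target = rule[rule.index("-j") + 1] if "-j" in rule else None
        if target in chains:             # jump into a user-defined chain
            out.extend(effective_rules(chains, target, seen + (chain,)))
        else:
            out.append((chain, " ".join(rule)))
    return out

if __name__ == "__main__":
    policies, chains = parse_filter_table(SAMPLE_DUMP)
    for chain, rule in effective_rules(chains, "INPUT"):
        print(f"{chain:22} {rule}")
    print("fallthrough policy for INPUT:", policies["INPUT"])
```

The output shows that `-A INPUT -i lo -j ACCEPT` and `-A RH-Firewall-1-INPUT -i lo -j ACCEPT` end up on the same packet path; the second form only places the rule in the chain that INPUT and FORWARD both jump to.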