Daniel P. Berrange wrote:
So we have ACCEPT rules on a chain whose default policy is ACCEPT? Is there a later catch-all REJECT rule which I'm not seeing?Chain INPUT (policy ACCEPT 76724 packets, 366M bytes)pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT udp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT tcp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67Basically assume the policy of the chain could be anything. I just happened to have it as ACCEPT, but the user may well have other rules added by the OS tools (eg system-config-securitylevel) which would otherwise block our traffic. So in coming up with the rules I tried to be as explicit as possible about what to ACCEPT/REJECT.
Understood. The rules seem fine in that case. Rich. -- Emerging Technologies, Red Hat http://et.redhat.com/~rjones/ 64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421 Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Directors: Michael Cunningham (USA), Charlie Peters (USA) and David Owens (Ireland)
Description: S/MIME Cryptographic Signature