iptables question

Marti, Rob RJM002 at shsu.edu
Tue Mar 17 14:40:10 UTC 2009


-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Blackburn, Marvin
Sent: Tuesday, March 17, 2009 9:24 AM
To: redhat-list at redhat.com
Subject: iptables question

I'm trying to get familiar with iptables.  I am making some progress,
but I'm trying to figure out what these lines mean in
/etc/sysconfig/iptables (especially the first 5).

This was generated on a rhel5 system using system-config-securitylevel

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
COMMIT
-------------------------------------------------------------------- 

The first line denotes which table (filter or nat) the following lines apply to.

The next 3 lines are the default chains - these are the only ones that can have default targets (the ACCEPT keyword on that line).

The 4th line is a custom chain - you can tell it's custom because a) it's not one of the first 3, but also b) the default target is -.

The 5th line sends whatever hits it (in this case, everything) from the INPUT chain to the custom chain.
The 6th line does the same thing with the FORWARD chain.
The 7th line accepts all traffic on the local loopback interface, then sends everything else back to the originating chain.
The last line tells iptables to send the list of rules built to this point back to kernelspace.

FYI, this iptables config won't stop anything - Since the default target for the INPUT chain is ACCEPT, everything non-local will fall out of the custom chain and be ACCEPTed.

Rob Marti
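Added example, not from the thread or from Red Hat: a small Python parser for the iptables-save format that traces what happens to traffic the custom chain does not explicitly match, reproducing Rob's point that this file ACCEPTs everything non-local. The "closed" variant assumes an unconditional REJECT appended to RH-Firewall-1-INPUT as the fix; that rule is not in the poster's file.

```python
# Constructed sample: the /etc/sysconfig/iptables fragment quoted in the thread.
OPEN_CONFIG = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
COMMIT
"""
# Same file with an unconditional REJECT appended to the custom chain (assumed fix).
CLOSED_CONFIG = OPEN_CONFIG.replace(
    "COMMIT", "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\nCOMMIT")
BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}

def parse_table(text):
    """Return (policies, rules); policy '-' marks a custom chain, empty match = unconditional."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):                  # chain declaration with default policy
            name, policy, _counters = line[1:].split()
            policies[name] = policy
        elif line.startswith("-A "):              # append rule: (chain, target, match args)
            parts = line.split()
            j = parts.index("-j") if "-j" in parts else len(parts)
            target = parts[j + 1] if j + 1 < len(parts) else None
            rules.append((parts[1], target, parts[2:j]))
        elif line == "COMMIT":                    # end of this table's ruleset
            break
    return policies, rules

def fallthrough_verdict(policies, rules, chain):
    """Fate of a packet no conditional rule matches, following jumps into custom chains."""
    for rchain, target, match in rules:
        if rchain != chain or match:
            continue                              # conditional rule: may not apply
        if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
            return target
        if policies.get(target) == "-":           # unconditional jump into a user chain
            verdict = fallthrough_verdict(policies, rules, target)
            if verdict != "RETURN":
                return verdict
    return policies[chain] if chain in BUILTIN else "RETURN"   # policy, or back to caller
def audit(text):
    """Map each built-in chain to what happens to traffic nothing explicitly matches."""
    policies, rules = parse_table(text)
    return {c: fallthrough_verdict(policies, rules, c) for c in policies if c in BUILTIN}
```

Running audit(OPEN_CONFIG) reports ACCEPT for INPUT, FORWARD and OUTPUT, while audit(CLOSED_CONFIG) reports REJECT for INPUT and FORWARD.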
