On Thu, 2009-04-23 at 12:13 +0930, Tim wrote:
> On Tue, 2009-04-21 at 19:17 -0700, Antonio Olivares wrote:
<snip>
> > [root@localhost ~]# service iptables status
> > Table: filter
> > Chain INPUT (policy ACCEPT)
> > num  target     prot opt source               destination
> > 1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> > 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> > 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> > 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
> > 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
<snip>
> The third rule allows all traffic, no matter what. Which contradicts
> the first rule. Something's been badly set up, here.
<snip>

Hi Tim,

I just wanted to clarify that third rule for you. Nothing has been "badly set up". The real problem is that "service iptables status" does not tell you the "whole" story; it's equivalent to "iptables -L". Instead, the OP should use the command "iptables -vL". The -v turns the output to verbose and will display a pair of additional columns, the incoming and outgoing interface.

I assume (admittedly I could be bitten on this), since the above seems rather "default", that the missing columns will identify that the incoming interface is set to "lo" or loopback on that third rule. So the third rule is allowing all inbound traffic from other "local processes", not "remote". It is one of the default rules when one first enables the firewall using the system-config tools.

HTH,
--Rob

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
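The point Rob makes is that the "in"/"out" columns only appear in the verbose listing, so a "catch-all ACCEPT" rule can only be judged once you see whether it is bound to the loopback interface. Below is an added example (not part of the thread) that parses constructed "iptables -vnL INPUT --line-numbers" output modelled on the quoted rule set and classifies each catch-all ACCEPT as loopback-only or genuinely open; the packet and byte counters are invented.

```python
"""Flag catch-all ACCEPT rules in verbose iptables output and report whether
each one is restricted to the loopback interface (`-i lo`) or truly open."""

# Constructed sample of `iptables -vnL INPUT --line-numbers` output, modelled on
# the rule set quoted in the thread; pkts/bytes counters are made up.
SAMPLE_VERBOSE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1234  567K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3       42  3360 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
5       17  1020 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
"""

# Column order of the verbose listing; anything after these is the match text.
FIELDS = ("num", "pkts", "bytes", "target", "prot", "opt",
          "in", "out", "source", "destination")


def parse_verbose_chain(listing):
    """Return one dict per rule from a verbose, numbered chain listing."""
    rules = []
    for line in listing.splitlines():
        parts = line.split()
        # Skip the "Chain ..." header, the column header line and blank lines.
        if not parts or not parts[0].isdigit():
            continue
        rule = dict(zip(FIELDS, parts[:len(FIELDS)]))
        # Trailing tokens are the extra matches: state, dpt, reject-with, ...
        rule["match"] = " ".join(parts[len(FIELDS):])
        rules.append(rule)
    return rules


def catch_all_accepts(rules):
    """ACCEPT rules for every protocol, any source/destination, no extra match."""
    return [r for r in rules
            if r["target"] == "ACCEPT" and r["prot"] == "all"
            and r["source"] == "0.0.0.0/0" and r["destination"] == "0.0.0.0/0"
            and not r["match"]]


def classify(rules):
    """Map rule number -> 'loopback-only' or 'open' for each catch-all ACCEPT."""
    return {r["num"]: ("loopback-only" if r["in"] == "lo" else "open")
            for r in catch_all_accepts(rules)}


if __name__ == "__main__":
    for num, verdict in classify(parse_verbose_chain(SAMPLE_VERBOSE)).items():
        print(f"rule {num}: {verdict}")
```

Run against real output by piping `iptables -vnL INPUT --line-numbers` into parse_verbose_chain; a verdict of "open" on a live host is the case Tim was worried about, while "loopback-only" is the default rule Rob describes.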