Re: Question(s) default firewall in Fedora

On Thu, 2009-04-23 at 12:13 +0930, Tim wrote:
> On Tue, 2009-04-21 at 19:17 -0700, Antonio Olivares wrote:
<snip>
> > [root@localhost ~]# service iptables status
> > Table: filter
> > Chain INPUT (policy ACCEPT)
> > num  target     prot opt source               destination         
> > 1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
> > 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
> > 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
> > 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
> > 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
<snip>
> The third rule allows all traffic, no matter what.  Which contradicts
> the first rule.  Something's been badly set up, here.
<snip>

Hi Tim,

I just wanted to clarify that third rule for you.  Nothing has been
"badly set up".  The real problem is that "service iptables status" does
not tell you the "whole" story; it's equivalent to "iptables -L".
Instead, the OP should use the command "iptables -vL".  The -v turns the
output to verbose and will display a pair of additional columns, the
incoming and outgoing interface.  I assume (admittedly I could be bitten
on this), since the above seems rather "default", that the missing
columns will identify that the incoming interface is set to "lo" or
loopback on that third rule.  So the third rule is allowing all inbound
traffic from other "local processes", not "remote".  It is one of
the default rules when one first enables the firewall using the
system-config tools.

HTH,

--Rob
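
The check described in the message above, as an added example that is not part of the original thread: it reads verbose listing output and reports each catch-all ACCEPT rule together with its incoming interface. The function names and both sample listings are constructed for illustration, and the `lo` binding on rule 3 is the message's assumption, not captured output.

```shell
#!/bin/sh
# Reads `iptables -vnL INPUT --line-numbers` output on stdin and reports every
# ACCEPT rule that matches all protocols and all addresses with no further
# match conditions. In the non-verbose listing such a rule looks the same
# whether or not it is bound to an interface.
classify_accepts() {
    awk '
        # Rule lines start with a rule number; skip the "Chain" and header lines.
        $1 !~ /^[0-9]+$/ { next }
        # Columns: num pkts bytes target prot opt in out source destination [matches]
        $4 == "ACCEPT" && $5 == "all" &&
        $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" && NF == 10 {
            verdict = ($7 == "*") ? "unrestricted" : "interface-limited"
            printf "%s %s %s\n", $1, $7, verdict
        }
    '
}

# Constructed sample: the ruleset from the thread as it would appear with -v,
# assuming rule 3 is bound to the loopback interface.
sample_default() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3       14   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5        3   180 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Constructed contrast: the same ruleset with rule 3 not bound to any
# interface, which is the case that would leave the host open.
sample_open() {
    sample_default | sed '/^3 /s/ lo / * /'
}

echo "default ruleset:"
sample_default | classify_accepts
echo "rule 3 without an interface:"
sample_open | classify_accepts
```

On a live system the input would come from `iptables -vnL INPUT --line-numbers` run as root; the non-verbose listing prints rule 3 identically for both samples.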
