On Wed, 2005-11-30 at 21:16 +0900, Mark Sargent wrote:
> Hi All,
>
> whilst not being an expert on iptables, the below output of iptables -L
> seems too insecure to me. Does anyone agree? Perhaps I'm not
> understanding it as well as I think I am? Please give your thoughts on
> this. Cheers.
>
> Mark Sargent.
>
>
> [root@localhost racket]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt--  anywhere             anywhere
> ACCEPT     ipv6-auth--  anywhere             anywhere
> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> You have new mail in /var/spool/mail/root

Does it not block everything inbound except connections you initiate and
the couple things that they included by default?

ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
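
The listing quoted above comes from plain `iptables -L`, which leaves out the in/out interface columns, so a rule bound to one interface prints exactly like an unconditional one. The following is an added example, not part of the thread, that audits `iptables -L -n -v` output for that difference; the sample ruleset is constructed, and binding the first ACCEPT to `lo` is an assumption, not something the thread shows.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n -v` output (not taken from the thread).
# Assumption: the first ACCEPT in RH-Firewall-1-INPUT is bound to loopback.
sample_ruleset() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631
   90  7000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   15   900 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Read `iptables -L -n -v` output on stdin and classify every ACCEPT rule that
# has protocol "all", any source, any destination and no match options.
audit_accepts() {
    awk '
        $1 == "Chain"           { chain = $2; pos = 0; next }
        $1 == "pkts" || NF == 0 { next }
        { pos++ }
        # Exactly 9 columns means there is nothing after the destination,
        # so only the interface columns can still restrict the rule.
        $3 == "ACCEPT" && $4 == "all" && NF == 9 &&
        $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" {
            if ($6 == "*" && $7 == "*")
                print "UNCONDITIONAL " chain ":" pos
            else
                print "INTERFACE-ONLY " chain ":" pos " in=" $6 " out=" $7
        }
    '
}

# Stand-alone run on the constructed sample.
sample_ruleset | audit_accepts
```

On a live host the same check is `iptables -L -n -v | audit_accepts` as root; any `UNCONDITIONAL` line ahead of the final REJECT means the chain accepts all traffic at that position.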