Re: iptables default configuration

Rob Kampen wrote:
> Carlos Santana wrote:
>> - What does the 'RH-Firewall-1-INPUT' chain mean? This also seems to be a
>> predefined chain, although it is not mentioned in the wiki.
>> - The wiki page approach is to flush existing rules and then add
>> required rules to iptables. Is it possible to add/append required
>> rules without flushing existing set of rules? Not sure, but I think
>> this is where 'RH-Firewall-1-INPUT' chain comes into picture (user
>> defined rules).
>>
>> Any explanation or resource link on this would be really helpful.
>>
>>
> Try using webmin - there are rpm available for it and the interface
> helps deal with the cryptic items that make up an iptable filter.
> The reason for the RH-Firewall-1-INPUT chain is that you can use the
> same rule set for multiple items - i.e. both input and forward.
I also find it useful to create different chains for different network
traffic.  For example, I have a chain that allows all web access - ports
80, 443, 8080 etc.  I have a different chain for file-share access -
e.g. NFS and Samba.  This way, I can watch what is happening with those
chains specifically, without wading through the significant output of
the command "iptables -nvL".

By using different chains, I can issue a command like "watch -d iptables
-nvL CentOS-MAIL" to monitor network traffic on related ports.  This has
helped me many times in the past to see where network traffic is being
blocked or given access.

Just my 2c worth :)

Ian
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
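The per-service chains Ian describes, written out as an added example (this is not code from the post or from CentOS; the chain names CentOS-WEB and CentOS-FILE and the port lists are assumptions made here for illustration). Each service class gets its own user-defined chain that is jumped to from INPUT, so "iptables -nvL CentOS-WEB" shows only the counters for that class. Running it for real needs root; with DRY_RUN=1 it prints the iptables commands instead of executing them.

```shell
#!/bin/sh
# Added example: split INPUT into per-service chains so each can be
# inspected on its own with "iptables -nvL <chain>" / "watch -d ...".
# Chain names and port lists below are assumptions, not from the post.
# DRY_RUN=1 prints the commands instead of running them (no root needed).

IPT=${IPT:-iptables}

# Execute an iptables command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# make_chain NAME PORT...
# Create a user-defined chain that ACCEPTs the given TCP destination
# ports and RETURNs to the caller (INPUT) for anything else, so the
# caller's later rules and its default policy still apply.
make_chain() {
    name=$1; shift
    run "$IPT" -N "$name"
    for p in "$@"; do
        run "$IPT" -A "$name" -p tcp --dport "$p" -j ACCEPT
    done
    run "$IPT" -A "$name" -j RETURN
}

# Build the per-service chains and hook them into INPUT.
build_firewall() {
    # Web traffic: the ports named in the post.
    make_chain CentOS-WEB 80 443 8080
    # File sharing: NFS (2049) and Samba (139, 445). TCP only here;
    # a real NFS/Samba chain also needs portmapper (111) and the UDP ports.
    make_chain CentOS-FILE 2049 139 445

    # Replies to outbound connections first, then classify new traffic.
    run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A INPUT -j CentOS-WEB
    run "$IPT" -A INPUT -j CentOS-FILE
}

# watch_chain NAME: live view of one chain's packet/byte counters,
# the monitoring trick from the post.
watch_chain() {
    watch -d "$IPT" -nvL "$1"
}

# Usage:  DRY_RUN=1 sh chains.sh          (print the rules)
#         sudo sh chains.sh --apply       (install them)
if [ -n "$DRY_RUN" ] || [ "${1:-}" = "--apply" ]; then
    build_firewall
fi
```

The RETURN at the end of each chain is what keeps the chains composable: a packet that matches none of a chain's ports falls back to INPUT, where the next jump or the default policy decides.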