Rob Kampen wrote:
> Carlos Santana wrote:
>> - What does 'RH-Firewall-1-INPUT' chain means? This also seems to be a
>> predefined chain, although not mentioned in wiki.
>> - The wiki page approach is to flush existing rules and then add
>> required rules to iptables. Is it possible to add/append required
>> rules without flushing existing set of rules? Not sure, but I think
>> this is where 'RH-Firewall-1-INPUT' chain comes into picture (user
>> defined rules).
>>
>> Any explanation or resource link on this would be really helpful.
>>
>>
> Try using webmin - there are rpm available for it and the interface
> helps deal with the cryptic items that make up an iptable filter.
> The reason for the RH-Firewall-1-INPUT chain means you can use the
> same rule set for multiple items - i.e. both input and forward.
I also find it useful to create different chains for different network
traffic. For example, I have a chain that allows all web access - ports
80, 443, 8080 etc. I have a different chain for file-share access -
e.g. NFS and Samba. This way, I can watch what is happening with those
chains specifically, without wading through the significant output of
the command "iptables -nvL".
By using different chains, I can issue a command like "watch -d iptables
-nvL CentOS-MAIL" to monitor network traffic on related ports. This has
helped me many times in the past to see where network traffic is being
blocked or given access.
Just my 2c worth :)
Ian
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
