Hi,

My knowledge of iptables is not too great. But I think this example you have given is supposed to represent a flow of related DNS packets between this host and a DNS server. Correct me if I'm wrong.

Now I think your INPUT chain rule is not necessary and should be handled by an INPUT chain where the state is RELATED or ESTABLISHED. I don't think you need to specify the INPUT chain rule as you have done, so something like the following is what you want. This accepts any packets in the listed state, which is proper firewall behaviour.

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Somebody else might like to add to this, or correct me if necessary.

Regards,
Geoff.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Vivek Mangal
Sent: Wednesday, 18 July 2007 5:08 p.m.
To: redhat-list
Subject: help me in IPTABLES

hello all,

Can you help me to understand iptables? The problem is in the lines below:

    iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT

I have confusion that in the first line the Destination Port is 53 and the Source Port is 1024 to 65535, which means any request coming from ports 1024 to 65535 goes to port 53.

And in the second line the Destination Port is 1024 to 65535 and the Source Port is 53, which means any request coming from port 53 goes to ports 1024 to 65535.

It opens all 1024 to 65535 and 53 ports, then what is the use of iptables?

Please help me.

Vivek Mangal

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
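
A simplified model of the two approaches discussed in this thread, added here as an example and not code from either poster or from netfilter: it compares the port-only INPUT rule with a state-matching INPUT rule on three inbound packets. The addresses, port numbers and the flow-tracking set are constructed assumptions; real connection tracking also expires entries, which is omitted here.

```python
from collections import namedtuple

# Simplified model for illustration; not netfilter's actual implementation.
Packet = namedtuple("Packet", "src sport dst dport")

HOST = "192.0.2.10"         # constructed address for this host (eth0)
RESOLVER = "198.51.100.53"  # constructed DNS server address
OTHER = "203.0.113.7"       # constructed unrelated sender
HIGH = range(1024, 65536)   # the 1024:65535 port range from the thread


def stateless_input(pkt):
    """Port-only INPUT rule: -p udp --sport 53 --dport 1024:65535 -j ACCEPT."""
    return pkt.sport == 53 and pkt.dport in HIGH


class StatefulFilter:
    """The thread's OUTPUT rule plus an INPUT rule matching tracked state."""

    def __init__(self):
        self.flows = set()  # outbound flows this host has started

    def output(self, pkt):
        # -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT
        allowed = pkt.dport == 53 and pkt.sport in HIGH
        if allowed:
            self.flows.add(pkt)  # remember the flow so its reply can match
        return allowed

    def input(self, pkt):
        # Accept only the mirror image of a flow recorded by output().
        return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def compare():
    """Return {case: (stateless_verdict, stateful_verdict)} for inbound packets."""
    fw = StatefulFilter()
    fw.output(Packet(HOST, 40000, RESOLVER, 53))  # one outbound DNS query
    inbound = {
        "reply": Packet(RESOLVER, 53, HOST, 40000),       # answer to the query
        "unsolicited": Packet(OTHER, 53, HOST, 2049),     # no matching query
        "wrong_port": Packet(RESOLVER, 53, HOST, 40001),  # resolver, other port
    }
    return {name: (stateless_input(p), fw.input(p)) for name, p in inbound.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12} stateless={stateless} stateful={stateful}")
```

The port-only rule accepts all three packets because it looks only at port numbers, while the state-based rule accepts only the reply that mirrors the recorded query.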