Re: Where to add own rules in /etc/sysconfig/iptables

On Fri, 2002-11-01 at 01:51, Michael Schwendt wrote:

> You did put default deny policies??? Then you can forget about
> trying to get it right. Please go back to one of my early replies
> where I mentioned you would need a rule in the FORWARD chain to
> accept outgoing traffic to your LAN unless your default policy is
> ACCEPT. And your example of /etc/sysconfig/iptables *did* contain
> ACCEPT default policies.
> 
> I'd like to see the full output of "iptables-save".

Here it is:

[root@imoqland root]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.6a on Thu Oct 31 14:25:30 2002
*mangle
:PREROUTING ACCEPT [560108:108371236]
:INPUT ACCEPT [434537:90320860]
:FORWARD ACCEPT [163:9484]
:OUTPUT ACCEPT [169065:19276317]
:POSTROUTING ACCEPT [175473:20023241]
COMMIT
# Completed on Thu Oct 31 14:25:30 2002
# Generated by iptables-save v1.2.6a on Thu Oct 31 14:25:30 2002
*nat
:PREROUTING ACCEPT [255232:37397118]
:POSTROUTING ACCEPT [20187:1660015]
:OUTPUT ACCEPT [20131:1656818]
[42:2532] -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.105.220:80
COMMIT
# Completed on Thu Oct 31 14:25:30 2002
# Generated by iptables-save v1.2.6a on Thu Oct 31 14:25:30 2002
*filter
:INPUT ACCEPT [48719:35011105]
:FORWARD ACCEPT [163:9484]
:OUTPUT ACCEPT [169033:19272646]
:RH-Lokkit-0-50-INPUT - [0:0]
[434536:90320795] -A INPUT -j RH-Lokkit-0-50-INPUT
[0:0] -A FORWARD -s 192.168.105.220 -i eth1 -p tcp -j LOG --log-prefix "FORWARD: "
[35:3440] -A FORWARD -p tcp -m tcp --dport 80 -j LOG
[83643:8738141] -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
[5:300] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
[4753:627208] -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
[272361:43190457] -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
[0:0] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A RH-Lokkit-0-50-INPUT -s 192.168.1.169 -p udp -m udp --sport 53 -j ACCEPT
[255:18712] -A RH-Lokkit-0-50-INPUT -s 200.33.79.237 -p udp -m udp --sport 53 -j ACCEPT
[223:14812] -A RH-Lokkit-0-50-INPUT -s 200.33.79.239 -p udp -m udp --sport 53 -j ACCEPT
[2378:125812] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
[22199:2594248] -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Oct 31 14:25:30 2002


Notice the line where it says:

[272361:43190457] -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT

So, it is accepting all traffic coming from the private network, isn't it?

-- 
¡Sé libre, usa software libre!
Be free, use free software!
http://www.imoqland.com/



-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
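The question above turns on which chain the `-i eth1 -j ACCEPT` rule actually lives in. The following script is an added example, not part of the post or of Red Hat's tooling: it parses a trimmed copy of the iptables-save dump from the post, follows jumps into user-defined chains, and reports for each built-in chain of the filter table where (if anywhere) traffic arriving on a given interface is accepted outright, and what policy applies when no rule matches. The dump is reproduced from the post; the parser and the function names (`parse_dump`, `unconditional_accepts`, `summarize`) are this example's own.

```python
"""Trace an iptables-save dump: which chain accepts all traffic from an interface?"""
import shlex
from collections import defaultdict

# Trimmed copy of the filter/nat tables from the post (the rules relevant to
# the eth1 question are kept; counters are kept so the real format is parsed).
SAMPLE_DUMP = """\
# Generated by iptables-save v1.2.6a on Thu Oct 31 14:25:30 2002
*nat
:PREROUTING ACCEPT [255232:37397118]
:POSTROUTING ACCEPT [20187:1660015]
:OUTPUT ACCEPT [20131:1656818]
[42:2532] -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.105.220:80
COMMIT
*filter
:INPUT ACCEPT [48719:35011105]
:FORWARD ACCEPT [163:9484]
:OUTPUT ACCEPT [169033:19272646]
:RH-Lokkit-0-50-INPUT - [0:0]
[434536:90320795] -A INPUT -j RH-Lokkit-0-50-INPUT
[0:0] -A FORWARD -s 192.168.105.220 -i eth1 -p tcp -j LOG --log-prefix "FORWARD: "
[35:3440] -A FORWARD -p tcp -m tcp --dport 80 -j LOG
[83643:8738141] -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
[4753:627208] -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
[272361:43190457] -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
[2378:125812] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
[22199:2594248] -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""


def parse_dump(text):
    """Return {table: {"policy": {chain: policy}, "rules": {chain: [args]}}}.

    User-defined chains carry policy "-" in the ":CHAIN POLICY [c:c]" header.
    """
    tables = {}
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                      # table header
            table = line[1:]
            tables[table] = {"policy": {}, "rules": defaultdict(list)}
            continue
        if line.startswith(":"):                      # chain header
            chain, policy, _counters = line[1:].split()
            tables[table]["policy"][chain] = policy
            continue
        args = shlex.split(line)                      # honours quoted --log-prefix
        if args[0].startswith("["):                   # drop "[pkts:bytes]" counters
            args = args[1:]
        if args[0] == "-A":
            tables[table]["rules"][args[1]].append(args[2:])
    return tables


def _opt(args, flag):
    """Value following `flag` in a rule's argument list, or None."""
    return args[args.index(flag) + 1] if flag in args else None


def unconditional_accepts(tables, table, chain, iface, seen=()):
    """Chains in which ALL traffic arriving on `iface` is ACCEPTed (no other
    match), following jumps into user-defined chains reachable from `chain`."""
    found = []
    for args in tables[table]["rules"][chain]:
        if _opt(args, "-i") not in (None, iface):     # rule is for another interface
            continue
        target = _opt(args, "-j")
        if tables[table]["policy"].get(target) == "-" and target not in seen:
            found += unconditional_accepts(tables, table, target, iface, seen + (chain,))
            continue
        leftover = [a for a in args if a not in ("-i", iface, "-j", "ACCEPT")]
        if target == "ACCEPT" and not leftover:       # nothing but "-i iface -j ACCEPT"
            found.append(chain)
    return found


def summarize(tables, iface, table="filter"):
    """Per built-in chain: the policy that applies when nothing matches, and the
    chains (if any) where traffic from `iface` is accepted outright."""
    out = {}
    for chain, policy in tables[table]["policy"].items():
        if policy == "-":                             # skip user-defined chains
            continue
        out[chain] = {"policy": policy,
                      "accepted_in": unconditional_accepts(tables, table, chain, iface)}
    return out


if __name__ == "__main__":
    for chain, info in summarize(parse_dump(SAMPLE_DUMP), "eth1").items():
        print(f"{chain:8} policy={info['policy']:7} eth1 accepted outright in: "
              f"{info['accepted_in'] or 'nowhere (policy decides)'}")
```

Run against the dump, INPUT reports the accept in RH-Lokkit-0-50-INPUT, while FORWARD reports none: the FORWARD chain holds only LOG rules, so traffic routed between the LAN and the outside passes solely because the FORWARD policy is ACCEPT. That is exactly why Michael's reply insists on an explicit FORWARD rule before switching to a deny policy; the `-i eth1 -j ACCEPT` line governs packets addressed to the router itself, not packets it forwards.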
