Solved

iptables

Posted on 2011-09-22
5
564 Views
Last Modified: 2012-06-22
Can someone explain to me what the top 3 rules in my iptables config file mean with regard the [0:0]. Also, is there any significance in their order? If i change my iptables file so that :INPUT DROP[0:0] is first then everything then changes to be under Chain INPUT (policy ACCEPT). It's just my lack of understanding but trying to understand it.

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT



[root@testbox ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:tftp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  
0
Comment
Question by:lolaferrari
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36582352
Can someone explain to me what the top 3 rules in my iptables config file mean with regard the [0:0]
They are the default chains for the filter table.  The 0:0 part is packets:bytes for each chain.  The order will match just like normal rules match in order -- they go down the list and use the first-matched rule.  So if INPUT ACCEPT is first, then INPUT DROP will never be hit... on that note I don't even know if it's possible to have 2 default rules for a chain -- this is not something that is usually done.

IMO you should only use ACCEPT during your initial rule testing setup so that you don't lock yourself out.  Once you have a complete set of working rules, change all default chain rules to DROP imo.

The best way IMO is to set DROP for everything, then create ACCEPT rules as needed... just make sure you at least open up TCP/22 before changing that, unless you have console access.
0
 

Author Comment

by:lolaferrari
ID: 36582456
OK great so below is this INPUT chain basically saying DROP everything except those mentioned underneath it's header?

Chain INPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:tftp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36582585
Yep!  If no rules are matched in the table you pasted above, then the default rule will apply to those packets.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36582588
Excuse me I meant in the chain you pasted, not table.
0
 

Author Closing Comment

by:lolaferrari
ID: 36583308
fantastic| thanks for that
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question