Solved

Iptables  - How many non udp/tcp protocols exist and where can I get a list on the Internet

Posted on 2013-10-25
2
589 Views
Last Modified: 2013-10-26
Given:
The top two rules of my iptables config file:
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

What are they saying ?  First open everything up from anywhere to anywhere but
what am I opening up besides udp and tcp protocols  what does all include exactly??

Also on the same page I would love to find a book that only covers iptables which is not a cheat sheet book. I mean something that really explains how it functions would be nice.
I have a basic understanding but more knowledge never hurts
0
Comment
Question by:Robert Silver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39602807
As for iptables, the keyword all does include:
tcp
udp
udplite
icmp
esp
ah
sctp

The first rule allows everything, since 'block' is the default action.
The second rule (which will in your case never be used because ip rules are evaluated on first match basis) is a default 'anti lockout rule'. This will allow any existing connections (established) nor new connections from existing  connections/sockets (related) to continue if not otherwise allowed.
This rule is important for instance when your only access to a system would be ssh and you turn on iptables with a wrong rule witch would block ssh traffic. You would be locked out from your system forcing you to have physical access to it to turn off the bad iptables rule.

As for a guide, first read about firewalls/network filters in general (all work basically the same) and then iptables in special, this might be why you only find cheat sheets. All the important stuff is covered in iptables man pages.

Please also read:
http://en.wikipedia.org/wiki/Firewall_(computing)
http://en.wikipedia.org/wiki/Transport_layer
http://en.wikipedia.org/wiki/Internet_layer
http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-iptables-options.html
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39603345
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question