Solved

Iptables - How many non udp/tcp protocols exist and where can I get a list on the Internet

Posted on 2013-10-25
580 Views
Last Modified: 2013-10-26
Given:
The top two rules of my iptables config file:
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

What are they saying? First, open everything up from anywhere to anywhere, but what am I opening up besides the udp and tcp protocols? What does "all" include exactly?

Also, on the same page, I would love to find a book that only covers iptables and is not a cheat-sheet book. I mean something that really explains how it functions would be nice.
I have a basic understanding, but more knowledge never hurts.
Question by: Robert Silver
2 Comments
Accepted Solution
by: Daniel Helgenberger (earned 500 total points)
ID: 39602807
As for iptables, the keyword all does include:
tcp
udp
udplite
icmp
esp
ah
sctp

The first rule allows everything, since 'block' is the default action.
The second rule (which will in your case never be used, because ip rules are evaluated on a first-match basis) is a default 'anti-lockout rule'. This will allow any existing connections (established) or new connections from existing connections/sockets (related) to continue if not otherwise allowed.
This rule is important, for instance, when your only access to a system is ssh and you turn on iptables with a wrong rule which would block ssh traffic. You would be locked out of your system, forcing you to have physical access to it to turn off the bad iptables rule.

As for a guide, first read about firewalls/network filters in general (all work basically the same) and then about iptables in particular; this might be why you only find cheat sheets. All the important stuff is covered in the iptables man pages.

Please also read:
http://en.wikipedia.org/wiki/Firewall_(computing)
http://en.wikipedia.org/wiki/Transport_layer
http://en.wikipedia.org/wiki/Internet_layer
http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-iptables-options.html
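The protocol names iptables accepts with -p (and that a `prot all` rule covers along with every unnamed protocol number) are the ones listed in /etc/protocols, per iptables(8). As an added example, not from the original post or the answer above, the Python below parses a constructed excerpt in that file's format and lists every named protocol other than tcp and udp.

```python
"""List the IP protocols other than TCP/UDP from text in /etc/protocols format.

Added example, not from the original post. iptables(8) accepts `-p <name>` for
any name listed in /etc/protocols; `-p all` (shown as `prot all`) matches every
IP protocol number, named or not. The sample below is a constructed excerpt.
"""
from typing import Dict

# Constructed excerpt in /etc/protocols format: "<name> <number> <ALIASES> # comment"
SAMPLE_PROTOCOLS = """\
# Internet (IP) protocols
ip        0    IP          # internet protocol, pseudo protocol number
icmp      1    ICMP        # internet control message protocol
igmp      2    IGMP        # Internet Group Management
tcp       6    TCP         # transmission control protocol
udp       17   UDP         # user datagram protocol
gre       47   GRE         # General Routing Encapsulation
esp       50   IPSEC-ESP   # Encap Security Payload
ah        51   IPSEC-AH    # Authentication Header
ipv6-icmp 58   IPv6-ICMP   # ICMP for IPv6
ospf      89   OSPFIGP     # Open Shortest Path First IGP
sctp      132  SCTP        # Stream Control Transmission Protocol
udplite   136  UDPLite     # UDP-Lite
"""


def parse_protocols(text: str) -> Dict[str, int]:
    """Return {name: number} for every well-formed entry in /etc/protocols format."""
    protocols: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            continue  # malformed entry: skip it rather than guess a number
        protocols[fields[0]] = int(fields[1])
    return protocols


def non_tcp_udp(protocols: Dict[str, int]) -> Dict[str, int]:
    """Named protocols a `prot all` rule also covers, beyond tcp and udp, by number."""
    named = {n: num for n, num in protocols.items() if n not in ("tcp", "udp")}
    return dict(sorted(named.items(), key=lambda item: item[1]))


if __name__ == "__main__":
    for name, number in non_tcp_udp(parse_protocols(SAMPLE_PROTOCOLS)).items():
        print(f"{number:>3}  {name}")
```

Point `parse_protocols` at the contents of your own /etc/protocols to get the full list your iptables build can match by name.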
Expert Comment
by: giltjr
ID: 39603345
