Solved

Iptables  - How many non udp/tcp protocols exist and where can I get a list on the Internet

Posted on 2013-10-25
2
585 Views
Last Modified: 2013-10-26
Given:
The top two rules of my iptables config file:
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

What are they saying ?  First open everything up from anywhere to anywhere but
what am I opening up besides udp and tcp protocols  what does all include exactly??

Also on the same page I would love to find a book that only covers iptables which is not a cheat sheet book. I mean something that really explains how it functions would be nice.
I have a basic understanding but more knowledge never hurts
0
Comment
Question by:Robert Silver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39602807
As for iptables, the keyword all does include:
tcp
udp
udplite
icmp
esp
ah
sctp

The first rule allows everything, since 'block' is the default action.
The second rule (which will in your case never be used because ip rules are evaluated on first match basis) is a default 'anti lockout rule'. This will allow any existing connections (established) nor new connections from existing  connections/sockets (related) to continue if not otherwise allowed.
This rule is important for instance when your only access to a system would be ssh and you turn on iptables with a wrong rule witch would block ssh traffic. You would be locked out from your system forcing you to have physical access to it to turn off the bad iptables rule.

As for a guide, first read about firewalls/network filters in general (all work basically the same) and then iptables in special, this might be why you only find cheat sheets. All the important stuff is covered in iptables man pages.

Please also read:
http://en.wikipedia.org/wiki/Firewall_(computing)
http://en.wikipedia.org/wiki/Transport_layer
http://en.wikipedia.org/wiki/Internet_layer
http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-iptables-options.html
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39603345
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question