Solved

Iptables  - How many non udp/tcp protocols exist and where can I get a list on the Internet

Posted on 2013-10-25
2
556 Views
Last Modified: 2013-10-26
Given:
The top two rules of my iptables config file:
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

What are they saying ?  First open everything up from anywhere to anywhere but
what am I opening up besides udp and tcp protocols  what does all include exactly??

Also on the same page I would love to find a book that only covers iptables which is not a cheat sheet book. I mean something that really explains how it functions would be nice.
I have a basic understanding but more knowledge never hurts
0
Comment
Question by:Robert Silver
2 Comments
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39602807
As for iptables, the keyword all does include:
tcp
udp
udplite
icmp
esp
ah
sctp

The first rule allows everything, since 'block' is the default action.
The second rule (which will in your case never be used because ip rules are evaluated on first match basis) is a default 'anti lockout rule'. This will allow any existing connections (established) nor new connections from existing  connections/sockets (related) to continue if not otherwise allowed.
This rule is important for instance when your only access to a system would be ssh and you turn on iptables with a wrong rule witch would block ssh traffic. You would be locked out from your system forcing you to have physical access to it to turn off the bad iptables rule.

As for a guide, first read about firewalls/network filters in general (all work basically the same) and then iptables in special, this might be why you only find cheat sheets. All the important stuff is covered in iptables man pages.

Please also read:
http://en.wikipedia.org/wiki/Firewall_(computing)
http://en.wikipedia.org/wiki/Transport_layer
http://en.wikipedia.org/wiki/Internet_layer
http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-iptables-options.html
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39603345
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now