Solved

Iptables  - How many non udp/tcp protocols exist and where can I get a list on the Internet

Posted on 2013-10-25
2
572 Views
Last Modified: 2013-10-26
Given:
The top two rules of my iptables config file:
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

What are they saying ?  First open everything up from anywhere to anywhere but
what am I opening up besides udp and tcp protocols  what does all include exactly??

Also on the same page I would love to find a book that only covers iptables which is not a cheat sheet book. I mean something that really explains how it functions would be nice.
I have a basic understanding but more knowledge never hurts
0
Comment
Question by:Robert Silver
2 Comments
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39602807
As for iptables, the keyword all does include:
tcp
udp
udplite
icmp
esp
ah
sctp

The first rule allows everything, since 'block' is the default action.
The second rule (which will in your case never be used because ip rules are evaluated on first match basis) is a default 'anti lockout rule'. This will allow any existing connections (established) nor new connections from existing  connections/sockets (related) to continue if not otherwise allowed.
This rule is important for instance when your only access to a system would be ssh and you turn on iptables with a wrong rule witch would block ssh traffic. You would be locked out from your system forcing you to have physical access to it to turn off the bad iptables rule.

As for a guide, first read about firewalls/network filters in general (all work basically the same) and then iptables in special, this might be why you only find cheat sheets. All the important stuff is covered in iptables man pages.

Please also read:
http://en.wikipedia.org/wiki/Firewall_(computing)
http://en.wikipedia.org/wiki/Transport_layer
http://en.wikipedia.org/wiki/Internet_layer
http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-iptables-options.html
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39603345
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question