What is RH-Firewall-1-INPUT for iptables (Linux Centos 5.9)?

Hi,

1) I'm wondering what this is:
RH-Firewall-1-INPUT

http://www.cyberciti.biz/faq/linux-open-iptables-firewall-port-22-23/

This is the code. The page says to vim and edit:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Open in new window


How is that different than using something like (example):
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT

at the command line?

2) Also, I have this:

root@ip-184-168-116-73 [/etc/sysconfig]# vim iptables
# Generated by iptables-save v1.3.5 on Mon Jan 27 12:38:23 2014
*mangle
:PREROUTING ACCEPT [162046:22599185]
:INPUT ACCEPT [162046:22599185]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [172917:32155415]
:POSTROUTING ACCEPT [172917:32155415]
COMMIT
# Completed on Mon Jan 27 12:38:23 2014
# Generated by iptables-save v1.3.5 on Mon Jan 27 12:38:23 2014
*filter
:INPUT ACCEPT [162043:22599033]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [172914:32155295]
:acctboth - [0:0]
-A INPUT -j acctboth
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
-A OUTPUT -j acctboth
-A OUTPUT -p tcp -m tcp --sport 9000 -j ACCEPT

Open in new window


Just wondering what does this part mean:
-A INPUT -j acctboth

before:
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT

Thanks!
Victor KimuraSEO, Web DeveloperAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Jan SpringerConnect With a Mentor Commented:
It's just the name of the chain.  You can call it anything though, in this example, using INPUT or anything INPUT makes sense.
0
 
Victor KimuraSEO, Web DeveloperAuthor Commented:
@_jesper@, ok, thanks.
So for FORWARD you can just name it so it's kind of like a comment to let you know what the rule is, right?

Also, I'm wondering what does this part mean:
-A INPUT -j acctboth

before:
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT

Thanks!
0
 
Jan SpringerCommented:
there should be more to the ruleset that includes 'acctboth'.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Victor KimuraSEO, Web DeveloperAuthor Commented:
when I run cat /etc/sysconfig/iptables
it's in my output.

See my initial post, (2) point or question to see the output
0
 
gheistConnect With a Mentor Commented:
That is first rule from system-config-firewall, i.e. open port numbers selection screens.
0
 
Victor KimuraSEO, Web DeveloperAuthor Commented:
@gheist, Ok, thanks!

So it's needed like so?

-A INPUT -j acctboth
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT

Just wondering if it's omitted, what would happen? I guess I'm not clear about what it means "open port numbers selection screens". Can you expound?

I'm trying to learn the firewall rules. Still very new to me. Thanks!
0
 
gheistConnect With a Mentor Commented:
Run system-config-firewall-tui and adjust "open ports" adding 9000/tcp
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.