Solved

What is RH-Firewall-1-INPUT for iptables (Linux Centos 5.9)?

Posted on 2014-01-28
1,335 Views
Last Modified: 2015-01-05
Hi,

1) I'm wondering what this is:
RH-Firewall-1-INPUT

http://www.cyberciti.biz/faq/linux-open-iptables-firewall-port-22-23/

This is the code. The page says to vim and edit:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT



How is that different from using something like (example):
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT

at the command line?

2) Also, I have this:

root@ip-184-168-116-73 [/etc/sysconfig]# vim iptables
# Generated by iptables-save v1.3.5 on Mon Jan 27 12:38:23 2014
*mangle
:PREROUTING ACCEPT [162046:22599185]
:INPUT ACCEPT [162046:22599185]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [172917:32155415]
:POSTROUTING ACCEPT [172917:32155415]
COMMIT
# Completed on Mon Jan 27 12:38:23 2014
# Generated by iptables-save v1.3.5 on Mon Jan 27 12:38:23 2014
*filter
:INPUT ACCEPT [162043:22599033]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [172914:32155295]
:acctboth - [0:0]
-A INPUT -j acctboth
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
-A OUTPUT -j acctboth
-A OUTPUT -p tcp -m tcp --sport 9000 -j ACCEPT



Just wondering what does this part mean:
-A INPUT -j acctboth

before:
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT

Thanks!
Question by: Victor Kimura
7 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 167 total points
ID: 39815285
It's just the name of the chain. You can call it anything, though in this example using INPUT or anything with INPUT in it makes sense.
 

Author Comment

by: Victor Kimura
ID: 39815368
@_jesper@, OK, thanks.
So for FORWARD you can just name it so it's kind of like a comment to let you know what the rule is, right?

Also, I'm wondering what does this part mean:
-A INPUT -j acctboth

before:
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT

Thanks!
 
LVL 28

Expert Comment

by: Jan Springer
ID: 39815374
There should be more to the ruleset that includes 'acctboth'.
 

Author Comment

by: Victor Kimura
ID: 39815388
When I run cat /etc/sysconfig/iptables, it's in my output.

See point (2) of my initial post for the output.
 
LVL 62

Assisted Solution

by: gheist
gheist earned 333 total points
ID: 39826296
That is the first rule from system-config-firewall, i.e. the open port numbers selection screens.
 

Author Comment

by: Victor Kimura
ID: 39827919
@gheist, OK, thanks!

So it's needed like so?

-A INPUT -j acctboth
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT

Just wondering, if it's omitted, what would happen? I guess I'm not clear about what "open port numbers selection screens" means. Can you expound?

I'm trying to learn the firewall rules. Still very new to me. Thanks!
 
LVL 62

Assisted Solution

by: gheist
gheist earned 333 total points
ID: 39828273
Run system-config-firewall-tui and adjust "open ports", adding 9000/tcp.
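Both questions in this thread come down to how a jump into a user-defined chain works, and the thread never spells it out. What follows is an added example, not code from the original post, from cyberciti or from iptables itself: a small Python model of netfilter chain traversal that is run over two rulesets. The first is the filter table the asker pasted in question (2), where `-A INPUT -j acctboth` jumps into the chain declared as `:acctboth - [0:0]`; that chain has no rules in the dump, so the jump falls off the end, returns to INPUT, and the next rule (`--dport 9000 -j ACCEPT`) is evaluated as if the jump were not there. The second ruleset, labelled as an assumption in the code, is the shape of a stock CentOS 5 `/etc/sysconfig/iptables`: INPUT hands every packet to `RH-Firewall-1-INPUT`, whose last rule is an unconditional REJECT. That layout is what makes the command-line `iptables -A INPUT ... --dport 9000 -j ACCEPT` from question (1) ineffective: `-A` appends to the end of INPUT, after the jump that already rejected the packet, whereas editing the file as the linked page describes places the rule inside `RH-Firewall-1-INPUT` ahead of the REJECT. Only `-p`, `-i`, `--dport`, `--sport` and `--state` are modelled; everything else on a rule line is ignored.

```python
# Added example (not from the original post or from iptables itself): a small
# model of netfilter chain traversal showing what '-j acctboth' and
# '-j RH-Firewall-1-INPUT' do to a packet.  Only -p, -i, --dport, --sport and
# --state are modelled; every other match option is ignored.
import shlex

BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
OPTS = {"-p": ("proto", str), "-i": ("iif", str), "--dport": ("dport", int),
        "--sport": ("sport", int), "--state": ("state", lambda s: set(s.split(",")))}

def parse_filter_table(text):
    """*filter section of iptables-save -> (policies, chains[name] = [(match, target)])."""
    policies, chains, in_filter = {}, {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("*"):                 # table header; only *filter is read
            in_filter = line == "*filter"
        elif not in_filter or not line or line[0] in "#C":   # comments and COMMIT
            continue
        elif line.startswith(":"):               # ':NAME POLICY [pkts:bytes]'
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            chains.setdefault(name, [])
        elif line.startswith("-A "):
            args, match, target, i = shlex.split(line), {}, None, 2
            while i < len(args):
                opt, step = args[i], 2
                if opt in OPTS:
                    key, conv = OPTS[opt]
                    match[key] = conv(args[i + 1])
                elif opt == "-j":
                    target = args[i + 1]
                else:                            # -m tcp, --reject-with, ...: ignored
                    step = 1
                i += step
            chains.setdefault(args[1], []).append((match, target))
    return policies, chains

def _matches(match, pkt):
    return all(pkt.get(k) in v if k == "state" else pkt.get(k) == v
               for k, v in match.items())

def verdict(policies, chains, chain, pkt, depth=0):
    """Walk `chain` for `pkt`.  A user-defined chain that is exhausted or hits
    RETURN yields None and the caller continues; a built-in one yields its policy."""
    if depth > 16:
        raise RuntimeError("jump loop involving %s" % chain)
    for match, target in chains.get(chain, []):
        if not _matches(match, pkt):
            continue
        if target in TERMINAL:
            return target
        if target == "RETURN":
            break
        if target in chains:                     # jump into a user-defined chain
            v = verdict(policies, chains, target, pkt, depth + 1)
            if v is not None:
                return v
    return policies.get(chain) if chain in BUILTIN else None

def verdict_for_port(ruleset, port, chain="INPUT"):
    """Verdict for a NEW TCP connection to `port` arriving on eth0."""
    policies, chains = parse_filter_table(ruleset)
    return verdict(policies, chains, chain,
                   {"proto": "tcp", "dport": port, "iif": "eth0", "state": "NEW"})

def with_rule(ruleset, rule, before="COMMIT"):
    """Insert `rule` ahead of the first line starting with `before`; the default
    appends to the chain, which is exactly what 'iptables -A' does at the shell."""
    lines = ruleset.splitlines()
    idx = next(i for i, ln in enumerate(lines) if ln.startswith(before))
    return "\n".join(lines[:idx] + [rule] + lines[idx:]) + "\n"

# Filter table from the question (mangle table omitted).  acctboth is declared
# but has no rules, so '-A INPUT -j acctboth' jumps in and returns at once.
POSTED = """\
*filter
:INPUT ACCEPT [162043:22599033]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [172914:32155295]
:acctboth - [0:0]
-A INPUT -j acctboth
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
-A OUTPUT -j acctboth
-A OUTPUT -p tcp -m tcp --sport 9000 -j ACCEPT
COMMIT
"""
# Assumed shape of a stock CentOS 5 /etc/sysconfig/iptables: INPUT hands every
# packet to RH-Firewall-1-INPUT, whose last rule is an unconditional REJECT.
RH_STYLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
```

Running `verdict_for_port(POSTED, 9000)` and `verdict_for_port(POSTED, 23)` both give ACCEPT, and deleting the `-A INPUT -j acctboth` line changes nothing: with an INPUT policy of ACCEPT and no REJECT or DROP anywhere in the dump, the port 9000 rule is not opening anything that was closed, and every other port is reachable too. On RH_STYLE, `verdict_for_port(with_rule(RH_STYLE, "-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT"), 9000)` is REJECT, and appending to `RH-Firewall-1-INPUT` with `-A` is REJECT as well, because the rule lands after the REJECT; only `with_rule(..., before="-A RH-Firewall-1-INPUT -j REJECT")` yields ACCEPT, which is what `iptables -I RH-Firewall-1-INPUT <n> ...` or editing the file does. Two further caveats the thread leaves out: rules typed at the shell live only in the kernel and are gone at reboot unless saved with `service iptables save`, and `system-config-firewall` rewrites `/etc/sysconfig/iptables` on every apply, so hand-edited rules are lost unless the file is maintained by one method only.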
