
Re: Help an IPTABLES neophyte please



Question for clarification on
REDHAT iptables vs iptables

It seems that there is something that translates an
"abbreviated" iptables command-line and processes it.

WHY? The cmd line differences seem trivial.
e.g.
> iptables -A INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

Where is this process for "abbreviation/translation/processing" documented?
I can read the iptables docs but I can not find docs or rationale
on this.

Using the normal iptables allows you to embed sh commands in the
stream, but I can't do that because of the "translation".

I have looked at the iptables package and the securitylevel but
I can't find it.

I don't want to disable SELINUX but I would like to look at
disabling this translation.


Here is the beginning of the REDHAT iptables RedHat
installs at start-up:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

////////////////////////////////////////////

Here is a sample of your code:
> Dang, change jobs?  Nerd.com now? LOL
>
> Here's the script I use to set the firewall.  IP's have been modified to
> protect the innocent
>
> #Clean out the IP Tables
> iptables -F
> iptables -X
>
> #setup default filter policy
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> #Allow unlimited traffic on loopback
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
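
The startup file quoted in the message is in the format that iptables-restore reads and iptables-save writes. It is not a shell script, which is why its lines have no leading "iptables" and cannot carry shell commands. As an added example that is not part of the original post, the shell function below prints the iptables command each line of that format corresponds to; the function names are made up here, and the sample is the quoted file beginning with a constructed COMMIT line appended.

```shell
#!/bin/sh
# Added example: print the iptables command each iptables-restore line
# corresponds to. It only prints; it never runs iptables or needs root.
restore_to_commands() {            # hypothetical helper name
    table=filter
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) ;;                        # blank line or comment
            '*'*) table=${line#\*} ;;          # "*filter" selects the table
            :*)                                # ":CHAIN POLICY [packets:bytes]"
                set -f; set -- ${line#:}; set +f
                if [ "$2" = "-" ]; then        # "-" marks a user-defined chain
                    echo "iptables -t $table -N $1"
                else
                    echo "iptables -t $table -P $1 $2"
                fi ;;
            COMMIT) ;;                         # restore applies the whole table here
            -*) echo "iptables -t $table $line" ;;
            *) echo "unrecognised line: $line" >&2; return 1 ;;
        esac
    done
}

# Sample input: the file beginning quoted in the message, with a
# constructed COMMIT line appended so the table is complete.
sample_ruleset() {
    cat <<'EOF'
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
COMMIT
EOF
}

sample_ruleset | restore_to_commands
```

Because iptables-restore parses the file itself and applies each table at COMMIT, a candidate file can be checked without loading it by running iptables-restore --test on it.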
