Re: Help an IPTABLES neophyte please
Question for clarification on REDHAT iptables vs iptables

It seems that there is something that translates an "abbreviated" iptables command-line and processes it. WHY? The cmd line differences seem trivial.

eg.
> iptables -A INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

Where is this process for "abbreviation/translation/processing" documented? I can read the iptables docs but I cannot find docs or rationale on this.

Using the normal iptables allows you to embed sh commands in the stream, but I can't do that because of the "translation".

I have looked at the iptables package and the securitylevel but I can't find it. I don't want to disable SELINUX but I would like to look at disabling this translation.

Here is the beginning of the REDHAT iptables RedHat installs at start-up:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

////////////////////////////////////////////

Here is a sample of your code:

> Dang, change jobs? Nerd.com now? LOL
>
> Here's the script I use to set the firewall. IP's have been modified to
> protect the innocent
>
> #Clean out the IP Tables
> iptables -F
> iptables -X
>
> #setup default filter policy
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> #Allow unlimited traffic on loopback
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@xxxxxxxxxx
Subject: unsubscribe
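
The relationship between the two forms compared in the message above, as an added example that is not part of the original post: the file written by system-config-securitylevel is in the format that iptables-save writes and iptables-restore reads, where each rule line is the argument list of an iptables command and chains are declared with ":" lines. The sketch below converts the quoted script into that format; the function names are hypothetical, and it assumes only the filter table and the -P, -N, -A, -F and -X commands.

```shell
#!/bin/sh
# Added example: convert filter-table "iptables ..." shell commands into the
# iptables-save / iptables-restore ruleset format.
# Assumption: only the filter table and the -P, -N, -A, -F, -X commands appear.

to_restore_format() {
    awk '
    $1 != "iptables" { next }            # skip comments, blanks, other shell
    $2 == "-F" || $2 == "-X" { next }    # iptables-restore flushes the table itself
    $2 == "-P" { policy[$3] = $4; next } # default policy of a built-in chain
    $2 == "-N" { user[++n] = $3; next }  # user-defined chain declaration
    $2 == "-A" {                         # rule: keep everything after "iptables"
        sub(/^[ \t]*iptables[ \t]+/, "")
        rules[++r] = $0
        next
    }
    END {
        print "*filter"
        split("INPUT FORWARD OUTPUT", builtin, " ")
        for (i = 1; i <= 3; i++) {
            c = builtin[i]
            print ":" c " " ((c in policy) ? policy[c] : "ACCEPT") " [0:0]"
        }
        for (i = 1; i <= n; i++) print ":" user[i] " - [0:0]"
        for (i = 1; i <= r; i++) print rules[i]
        print "COMMIT"
    }'
}

# Constructed sample input: the script quoted in the message above.
sample_script() {
    cat <<'EOF'
#Clean out the IP Tables
iptables -F
iptables -X
#setup default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
EOF
}

sample_script | to_restore_format
```

Shell constructs in the input (variables, loops, conditionals) are skipped rather than translated, since the restore format has no place for them.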