Firewall rules in Fedora Core

 
 
Daniel Camps
      12-12-2004, 06:01 PM
These are the default Firewall rules, applied in the INPUT and
FORWARDING chains when you install Fedora Core 3 and activate the
default firewall configuration.

ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited


I don't understand the first rule. This is an ACCEPT everything, isn't
it? Then all the packets would match this first rule and stop
checking the rest.
I don't understand the rule with 5353 either; what's that port? And
finally, the one with RELATED,ESTABLISHED is to allow only connections
starting from my computer (SYN equal 0), but this is only for TCP, is
this right?
The default policy of the chains is ACCEPT.

Can someone clarify the behavior of these rules for me?

Thanks a lot
 
 
 
 
 
Markku Kolkka
      12-12-2004, 09:39 PM
Daniel Camps wrote:
> These are the default Firewall rules, applied in the INPUT and
> FORWARDING chains when you install Fedora Core 3 and activate the
> default firewall configuration.
>
> ACCEPT all -- anywhere anywhere


You should give the command "iptables -L -v" to get the full information.
The above rule becomes:

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
4031 4964K ACCEPT all -- lo any anywhere anywhere

> I don't understand the first rule, this is an ACCEPT everything, isn't
> it ?


Only for packets coming from the loopback interface (in == lo), i.e.
originating from the same machine.

> I don't understand either the rule 5353, what's that port ?,


Multicast DNS (mDNS).

> and
> finally the one with RELATED, ESTABLISHED, is to let only connections
> starting from my computer (SYN equal 0), but this is only for TCP, is
> this right ?


No, that rule applies to all protocols, as the iptables report shows.

> The default policy of the chains is ACCEPT.


The last rule in the INPUT and FORWARD chains rejects any packages not
accepted by the previous rules.

--
Markku Kolkka
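
Added example, not part of either post: a small Python audit that reads an `iptables -L -v` listing, rebuilds the line plain `iptables -L` would print, and reports whether an ACCEPT rule that looks unrestricted is actually bound to an interface. The listing below is constructed from the rules in the thread; only the loopback line's counters appear in the thread, and the function names are hypothetical.

```python
# Constructed sample of `iptables -L -v` output. Only the loopback counters are
# from the thread; other counters and the "any" interface columns are assumed.
VERBOSE_LISTING = """\
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target prot opt in out source destination
 4031 4964K ACCEPT all -- lo any anywhere anywhere
    0     0 ACCEPT icmp -- any any anywhere anywhere icmp any
    0     0 ACCEPT udp -- any any anywhere 224.0.0.251 udp dpt:5353
    0     0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    0     0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
"""

FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

def parse_rules(listing):
    """Return one dict per rule line of a verbose iptables listing."""
    rules = []
    for line in listing.splitlines():
        parts = line.split()
        # Rule lines start with a packet counter; skip chain and column headers.
        if len(parts) < len(FIELDS) or not parts[0][0].isdigit():
            continue
        rule = dict(zip(FIELDS, parts))
        rule["extra"] = " ".join(parts[len(FIELDS):])  # match/target options
        rules.append(rule)
    return rules

def short_form(rule):
    """Rebuild what plain `iptables -L` prints: no counters, no interfaces."""
    cols = [rule[k] for k in ("target", "prot", "opt", "source", "destination")]
    return " ".join(cols + ([rule["extra"]] if rule["extra"] else []))

def classify(rule):
    """Say how wide an ACCEPT rule really is once the hidden columns are read."""
    if rule["target"] != "ACCEPT":
        return "not-accept"
    wide = (rule["prot"] == "all" and rule["source"] == "anywhere"
            and rule["destination"] == "anywhere" and not rule["extra"])
    if not wide:
        return "narrowed-by-visible-match"
    if rule["in"] == "any" and rule["out"] == "any":
        return "accept-everything"
    return "interface-restricted"

def audit(listing):
    return [(short_form(r), r["in"], classify(r)) for r in parse_rules(listing)]

if __name__ == "__main__":
    for short, iface, verdict in audit(VERBOSE_LISTING):
        print(f"{verdict:26} in={iface:4} {short}")
```

On a live system the input would be the text of `iptables -L -v`, which needs root; a rule reported as `accept-everything` ahead of the final REJECT would make every later rule in the chain unreachable.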