[nos-bbs] iptables question and....

Michael Fox - N6MEF n6mef at mefox.org
Thu Nov 15 00:34:05 EST 2012


Hi Jerome,

Essentially correct.
Each chain has a default policy.  The default policy defines what happens if
a packet makes it through all of the rules in the chain without being
matched.  Typically one would set the default policy to DROP and then add
rules to match and ACCEPT the particular types of packets that you want to
accept.  Anything else would be dropped by the default policy.  In the
output below, the default policy is ACCEPT for each chain, so if no rules
are matched, the packet is allowed.  And, since there are no rules, then all
packets are allowed.

So what does allowed mean?
The INPUT chain is for packets destined for Linux itself.  Such as if you
were to ssh to the linux machine.
The FORWARD chain is for packets that will travel through the Linux box.
Such as packets coming in on one interface and exiting via another.
The OUTPUT chain is for packets that the Linux box originates.  Such as if
you were to ping someone FROM the linux box.

The configuration below merely shows that iptables isn't going to get in the
way of any packets.  But that doesn't mean that the ports are open.  For the
port to be open, you need some application running and listening on that
port.  For example, if you were running a ssh server, then port 22 would be
open (unless it was configured to listen on another port).

Michael
N6MEF
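To make the two points above concrete (a chain's default policy only matters once no rule matches, and an empty ACCEPT chain means "no filtering" rather than "ports open"), here is an added POSIX shell example. It is not code from the thread or from JNOS. The first two helpers parse the format printed by 'iptables -L' (the sample listing is constructed to match the one quoted below); the third prints a default-DROP ruleset in iptables-restore format but does not load it, so it can run unprivileged. The chain names, the ssh port argument and the conntrack rule are my choices, not anything the thread specifies.

```shell
#!/bin/sh
# Added example (not from the nos-bbs thread). Helpers for reasoning about
# an iptables filter table:
#   chain_policy CHAIN LISTING     -> default policy of CHAIN in 'iptables -L' text
#   chain_rule_count CHAIN LISTING -> number of rules under CHAIN in that text
#   gen_ruleset [SSH_PORT]         -> default-DROP ruleset, iptables-restore format
# Nothing here touches the running kernel; load the generated ruleset yourself
# (as root) with:  gen_ruleset 22 > rules.v4 && iptables-restore < rules.v4

# Constructed sample: the "no rules, policy ACCEPT everywhere" state from the thread.
SAMPLE_LIST='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Print the default policy (ACCEPT/DROP/...) of chain $1 from listing $2.
# The header line looks like:  Chain INPUT (policy ACCEPT)
chain_policy() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        $1 == "Chain" && $2 == chain { gsub(/[()]/, "", $4); print $4; exit }'
}

# Count rule lines under chain $1 in listing $2: everything between the
# "target prot opt ..." column header and the next blank line.
chain_rule_count() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        $1 == "Chain"              { inchain = ($2 == chain); next }
        inchain && $1 == "target"  { next }          # column header, not a rule
        inchain && NF == 0         { inchain = 0; next }
        inchain                    { n++ }
        END                        { print n + 0 }'
}

# Summarise what a chain does with packets that match none of its rules.
describe_chain() {
    policy=$(chain_policy "$1" "$2")
    rules=$(chain_rule_count "$1" "$2")
    if [ "$rules" -eq 0 ] && [ "$policy" = ACCEPT ]; then
        printf '%s: policy %s, no rules -> iptables passes every packet\n' "$1" "$policy"
    else
        printf '%s: policy %s, %s rule(s)\n' "$1" "$policy" "$rules"
    fi
}

# Emit a minimal host firewall: drop by default on INPUT and FORWARD, then
# explicitly ACCEPT loopback, replies to our own connections, ICMP and new
# TCP connections to the ssh port (default 22). A port that is ACCEPTed here
# still shows as closed to nmap unless a daemon is actually listening on it.
gen_ruleset() {
    ssh_port=${1:-22}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Stand-alone demo: explain the sample listing, then show the hardened table.
for c in INPUT FORWARD OUTPUT; do
    describe_chain "$c" "$SAMPLE_LIST"
done
gen_ruleset 22
```

After loading the generated table, an nmap scan from the LAN would report port 22 as open only if sshd is listening there; compare against 'ss -ltn' on the target, which lists the TCP sockets actually in LISTEN state, to tell "filtered by iptables" apart from "nothing is listening".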

-----Original Message-----
From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
Of jerome schatten
Sent: Wednesday, November 14, 2012 8:35 PM
To: nos-bbs
Subject: [nos-bbs] iptables question and....

If I run the command 'iptables -L', on my jnos machine (the box), it
returns:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
orange at orange:~$ 

In the ordinary English language sense of the word ACCEPT, I interpret this
to mean that there is no linux firewall. Is this correct? It seems to behave
in just the opposite way.

The reason I ask is because running nmap pointing at the jnos machine (the
target is the ethernet address), from another machine on the lan, shows all
ports closed except 631 and 22.

Help an old man out here, eh?
jerome - ve7ass


_______________________________________________
nos-bbs mailing list
nos-bbs at tapr.org
https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs