Iptables help

Hi - Have just been asked to look after several linux webservers. One has firewall rules:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,RST/FIN,RST
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,ACK/FIN
DROP       tcp  --  anywhere             anywhere             tcp flags:PSH,ACK/PSH
DROP       tcp  --  anywhere             anywhere             tcp flags:ACK,URG/URG

Then follow a whole bunch of rules which I can follow, but what bothers me is the first ACCEPT all - surely this just opens the firewall to anything and the packets never get to the rules below, or am I missing something fundamental?

The other server has a default INPUT policy of ACCEPT:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctboth   all  --  anywhere             anywhere
DROP       all  --  192.192.116.95       anywhere

and a few other DROPs from specific IPs.

Chain acctboth (2 references)
target     prot opt source               destination
           tcp  --  a.somewhere.com      anywhere             tcp dpt:http
           tcp  --  anywhere             a.somewhere.com      tcp spt:http
           tcp  --  a.somewhere.com      anywhere             tcp dpt:smtp
           tcp  --  anywhere             a.somewhere.com      tcp spt:smtp
           tcp  --  a.somewhere.com      anywhere             tcp dpt:pop3
           tcp  --  anywhere             a.somewhere.com      tcp spt:pop3
           icmp --  a.somewhere.com      anywhere
           icmp --  anywhere             a.somewhere.com
           tcp  --  a.somewhere.com      anywhere
           tcp  --  anywhere             a.somewhere.com
           udp  --  a.somewhere.com      anywhere
           udp  --  anywhere             a.somewhere.com
           all  --  a.somewhere.com      anywhere
           all  --  anywhere             a.somewhere.com

then repeats for other domains.

Again I don't see this as excluding anything. Please comment on the two sets of rules. Regards hennyw


You can't see the real rules that way. This rule may have options to match the input interface, so maybe this rule is used to allow traffic from the LAN to the firewall and the others are used to block traffic from the exterior to the server/LAN.

You would need an iptables -L INPUT -xvn to see what the firewall is really doing.

Regards.

-- Jose Maria Lopez Hernandez

In article , hennyw wrote:
:Hi - Have just been asked to look after several linux webservers. One
:has firewall rules:
:
:Chain INPUT (policy DROP)
:target prot opt source destination
:ACCEPT all -- anywhere anywhere
:DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
:DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
:DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
:DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
:DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
:DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
:DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
:
:then follow a whole bunch of rules which I can follow but what bothers
:me is the the first Accept all - surely this just opens the firewall
:to anything and the packets never get to the rules below or am I
:missing something fundamental?

Always include the "-v" option when listing iptables. Without that option the "in" and "out" interface qualifiers are not shown. That initial "ACCEPT" rule is probably specific to the loopback interface.

-- Robert Nichols
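Both replies make the same point: "iptables -L" without "-v" hides the "-i"/"-o" interface qualifiers, so an "ACCEPT all anywhere anywhere" line may really be "-i lo -j ACCEPT". The least ambiguous way to see a chain is "iptables -S INPUT" (or "iptables-save"), which prints every rule as the command that created it. The script below is an added example, not code from the thread or from either server; it audits a dump in that format for two things the poster was worried about: an ACCEPT in INPUT with no match options at all (which would indeed make every later rule unreachable), and rules with no "-j" target at all, which only increment packet/byte counters and decide nothing (that is what the empty target column in the acctboth chain is). The rulesets inside the script are constructed for illustration; the hostnames and addresses in them are made up.

```shell
#!/bin/sh
# Added example: audit an iptables-save / "iptables -S" style dump.
# The two rulesets below are constructed for illustration only.

# Ruleset 1: the first ACCEPT is restricted to the loopback interface,
# which "iptables -L" (without -v) shows only as "ACCEPT all anywhere anywhere".
RULESET_LO='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:acctboth - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A acctboth -s 203.0.113.10/32 -p tcp -m tcp --dport 80
-A acctboth -d 203.0.113.10/32 -p tcp -m tcp --sport 80
COMMIT'

# Ruleset 2: same chain, but the first ACCEPT lost its "-i lo". Now every
# packet matches rule 1 and nothing below it is ever consulted.
RULESET_OPEN=$(printf '%s\n' "$RULESET_LO" | sed 's/^-A INPUT -i lo -j ACCEPT$/-A INPUT -j ACCEPT/')

# accept_rules CHAIN: read a dump on stdin and print "position: match options"
# for every ACCEPT rule in CHAIN. Empty match options = matches every packet.
accept_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            pos++
            if ($(NF-1) == "-j" && $NF == "ACCEPT") {
                m = ""
                for (i = 3; i <= NF - 2; i++) m = m (m == "" ? "" : " ") $i
                print pos ": " m
            }
        }'
}

# unqualified_accepts CHAIN: positions of rules of the form "-A CHAIN -j ACCEPT".
# Every rule after such a position is dead.
unqualified_accepts() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            pos++
            if (NF == 4 && $3 == "-j" && $4 == "ACCEPT") print pos
        }'
}

# counting_only CHAIN: positions of rules in CHAIN with no -j/-g at all.
# These only update counters; "iptables -L" shows them with an empty target.
counting_only() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            pos++
            hasj = 0
            for (i = 3; i <= NF; i++) if ($i == "-j" || $i == "-g") hasj = 1
            if (!hasj) print pos
        }'
}

# show LABEL RULES: report what the INPUT and acctboth chains actually do.
show() {
    echo "== $1 =="
    echo "ACCEPT rules in INPUT (position: match options; empty = everything):"
    printf '%s\n' "$2" | accept_rules INPUT
    hits=$(printf '%s\n' "$2" | unqualified_accepts INPUT)
    if [ -n "$hits" ]; then
        echo "WARNING: unqualified ACCEPT at INPUT position(s) $hits; later INPUT rules are unreachable"
    else
        echo "no unqualified ACCEPT in INPUT"
    fi
    echo "counting-only rules in acctboth (no -j):" $(printf '%s\n' "$2" | counting_only acctboth)
}

show "constructed ruleset with -i lo" "$RULESET_LO"
show "constructed ruleset without -i lo" "$RULESET_OPEN"
```

To run it against a live box, replace the constructed text with the output of "iptables -S" (for example "iptables-save | unqualified_accepts INPUT"); on the poster's first server the expected result is that the lone ACCEPT shows "-i lo" and nothing is flagged, while "-L" alone can never tell those two cases apart.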

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.