My server is Red Hat Enterprise Linux Server release 5.
I'm not an expert in Linux iptables firewall.
After installation, I find the following entries in /etc/sysconfig/iptables:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
What does this iptables filter rule set mean?
The filter table is the one you will use most, if you're using iptables to build a firewall. If you want to use iptables to do network address translation, then you'll use the nat table. The mangle table isn't used too often in a typical firewall setting (it is used to modify packets).
The *filter line says that all that comes afterwards applies to the filter table. It has an INPUT chain for packets coming into the "inner box" of your machine, an OUTPUT chain for packets leaving the "inner box", and a FORWARD chain for packets that are forwarded elsewhere (they don't come from or leave your "inner box"). Your current firewall rules state that your machine is completely open: a pure -j ACCEPT as the only rule in every chain. The [0:0] are counters, and mean that no packets have arrived or left or been forwarded so far.

It specifies the table to use, in this case the filter table. So you could have *mangle or *nat for the other two filters. The COMMIT tells iptables-restore that it is the end of that particular table section, and to apply the rules for that table. You can find out more in the iptables-save section of this iptables how-to.
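To make the answers above concrete, here is an added example (not code from the question or the answers) that parses the iptables-save format they describe, the *table header, the :CHAIN POLICY [packets:bytes] lines, the -A rules and COMMIT, and reports which chains let every unmatched packet through. It embeds the open ruleset from the question beside a constructed restrictive one in the RHEL style (a user-defined RH-Firewall-1-INPUT chain that INPUT and FORWARD jump to, ending in REJECT); the allowed services in that second ruleset are an assumption for illustration. The function names and the "open" heuristic are this example's own, not anything from iptables itself.

```python
"""Parse iptables-save output and report which chains are wide open."""
import re
from dataclasses import dataclass, field

# Ruleset from the question: the RHEL 5 default the answers describe as completely open.
OPEN_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
"""

# Constructed comparison ruleset (assumption: only SSH is needed inbound). It uses the
# RHEL convention of a user-defined chain that the built-in chains jump to.
RESTRICTIVE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


@dataclass
class Chain:
    policy: str            # ACCEPT/DROP for built-in chains, "-" for user-defined ones
    packets: int           # the [packets:bytes] counters from the chain header
    bytes_: int
    rules: list = field(default_factory=list)   # each rule as its argument list


def parse_iptables_save(text):
    """Parse iptables-save format into {table: {chain_name: Chain}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                  # *filter / *nat / *mangle
            current = line[1:]
            tables[current] = {}
        elif line.startswith(":"):                # :CHAIN POLICY [packets:bytes]
            name, policy, pk, by = re.fullmatch(r":(\S+) (\S+) \[(\d+):(\d+)\]", line).groups()
            tables[current][name] = Chain(policy, int(pk), int(by))
        elif line.startswith("-A "):              # -A CHAIN <matches> -j TARGET
            parts = line.split()
            tables[current].setdefault(parts[1], Chain("-", 0, 0)).rules.append(parts[2:])
        elif line == "COMMIT":                    # end of this table's section
            current = None
    return tables


def terminal_verdict(name, chains, seen=()):
    """Follow unconditional rules (no match before -j) and return the verdict every
    packet gets: 'ACCEPT', 'DROP' (DROP or REJECT), or None if it falls through to
    the chain policy. Unconditional jumps into user-defined chains are followed."""
    if name in seen:
        return None
    for args in chains[name].rules:
        if "-j" not in args:
            continue
        j = args.index("-j")
        if args[:j]:                               # has a match: not every packet hits it
            continue
        target = args[j + 1]
        if target == "ACCEPT":
            return "ACCEPT"
        if target in ("DROP", "REJECT"):
            return "DROP"
        if target in chains:                       # unconditional jump into a user chain
            verdict = terminal_verdict(target, chains, seen + (name,))
            if verdict:
                return verdict
    return None


def audit(text):
    """Return {table: {chain: (policy, is_open, packets)}}; is_open means a packet
    matched by no earlier rule is accepted, whether by a rule or by the policy."""
    report = {}
    for table, chains in parse_iptables_save(text).items():
        report[table] = {}
        for name, chain in chains.items():
            verdict = terminal_verdict(name, chains) or chain.policy
            report[table][name] = (chain.policy, verdict == "ACCEPT", chain.packets)
    return report


if __name__ == "__main__":
    for label, text in (("default (open)", OPEN_RULESET), ("restrictive", RESTRICTIVE_RULESET)):
        print(label)
        for table, chains in audit(text).items():
            for name, (policy, is_open, packets) in chains.items():
                print(f"  {table}/{name}: policy={policy} open={is_open} packets={packets}")
```

Run it against `iptables-save` output from a real host (`iptables-save | python3 audit.py` with a small stdin wrapper) to get the same report. Note that the restrictive ruleset keeps the INPUT policy at ACCEPT, as RHEL's own generated file does; the chain still comes out closed because the unconditional jump lands in a chain whose last rule rejects everything, which is exactly the kind of detail that is easy to misjudge by looking only at the :INPUT header line.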