thr3ads.net - CentOS - [CentOS] iptables [Nov 2013]

If this information is useful, please help other people find it:
Share via:

Wes James

2013-Nov-05 23:55 UTC

[CentOS] iptables

I ran:

iptables -L

and see this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with
icmp-host-prohibited

Does the

REJECT all

over-ride the

ACCEPT all

Would "DROP all" be better so people banging on the ports don't
see a reply?

I ran the gui tool to open ssh and it is in between ACCEPT all and REJECT
all.  Why does it work if there is a REJECT all after it?

Thanks,

-wes

John R Pierce

2013-Nov-06 00:22 UTC

head link

[CentOS] iptables

On 11/5/2013 3:55 PM, Wes James wrote:> I ran:
>
> iptables -L
incomplete output.  try...

iptables -L -vn

and you'll probably see that reject is for a specific packet type. the v 
is for verbose, the n is for numeric output (no DNS lookup)

-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast

Reasonably Related Threads

Search for more apparently analagous threads

CentOS - Nov 2013 - iptables

[CentOS] iptables

[CentOS] iptables

Reasonably Related Threads