[Techtalk] iptables query - fairly urgent!

David Sumbler david at aeolia.co.uk
Tue Sep 28 01:50:47 EST 2004


On Tue, 28 Sep 2004, Hugo Chasqueira wrote:

> The command 'iptables -L' isn't showing you everything.
>
> You should use the '-v' parameter (verbose), so that iptables shows you the
> interface to which the rules apply.
>
> Try:
>
> iptables -L -v

Phew!

Thanks for that.

iptables -L -v gives me:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
51478 4094K RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 51654 packets, 3128K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  any    any     clock3.redhat.com    anywhere            udp spt:ntp dpt:ntp
   55  4180 ACCEPT     udp  --  any    any     clock1.redhat.com    anywhere            udp spt:ntp dpt:ntp
    0     0 ACCEPT     udp  --  any    any     clock2.redhat.com    anywhere            udp spt:ntp dpt:ntp
    0     0 ACCEPT     udp  --  any    any     clock1.redhat.com    anywhere            udp spt:ntp dpt:ntp
49239 2853K ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp any
    0     0 ACCEPT     ipv6-crypt--  any    any     anywhere             anywhere
    0     0 ACCEPT     ipv6-auth--  any    any     anywhere             anywhere
 2184 1236K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:5901
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:5801
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

which looks OK to me up to about RH-Firewall-1-INPUT line 8.  But can
you tell me what "RELATED", "ESTABLISHED" and "NEW" signify?

(Further down, ports 5901 and 5801 are for VNC, which I do use
sometimes.)

Anyway, it seems that 'iptables -L', on its own, is a bit useless!

By the way, am I interpreting this correctly in thinking that an
external 'ping' will produce a useful response?

David

-- 
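The posted RH-Firewall-1-INPUT chain, walked in first-match order, answers both questions in the message above: which rule an external ping hits, and what the conntrack state matches select. This is an added example, not code from the original thread or from Red Hat; the rule table is transcribed from the posted `iptables -L -v` output (host names kept as printed), and the packets fed to it are constructed inputs with made-up addresses.

```python
"""First-match simulation of the RH-Firewall-1-INPUT chain posted in the
message above.  Rules are transcribed from the posted 'iptables -L -v'
output; every packet below is a constructed test input (documentation
addresses), not captured traffic.  Added example, not the poster's code."""

from dataclasses import dataclass
from typing import Optional, FrozenSet

ANY = None  # wildcard: the rule does not constrain this field

@dataclass
class Rule:
    target: str
    proto: Optional[str] = ANY          # 'tcp', 'udp', 'icmp', ... or ANY
    in_iface: Optional[str] = ANY       # 'lo', 'eth0', ... or ANY
    src: Optional[str] = ANY            # source host as printed, or ANY
    spt: Optional[int] = ANY            # source port
    dpt: Optional[int] = ANY            # destination port
    states: Optional[FrozenSet[str]] = ANY  # '-m state --state ...' set, or ANY

@dataclass
class Packet:
    proto: str
    in_iface: str
    src: str
    # Conntrack classification of this packet:
    #   NEW         first packet of a flow conntrack has not seen before
    #   ESTABLISHED flow that has already carried packets in both directions
    #   RELATED     new flow tied to an existing one (ICMP errors, FTP data)
    ctstate: str
    spt: Optional[int] = None
    dpt: Optional[int] = None

NTP, SSH, VNC_5901, VNC_5801 = 123, 22, 5901, 5801

# Transcribed from the posted output, in the order iptables evaluates it.
RH_FIREWALL_1_INPUT = [
    Rule('ACCEPT', proto='udp', src='clock3.redhat.com', spt=NTP, dpt=NTP),
    Rule('ACCEPT', proto='udp', src='clock1.redhat.com', spt=NTP, dpt=NTP),
    Rule('ACCEPT', proto='udp', src='clock2.redhat.com', spt=NTP, dpt=NTP),
    Rule('ACCEPT', proto='udp', src='clock1.redhat.com', spt=NTP, dpt=NTP),
    Rule('ACCEPT', in_iface='lo'),
    Rule('ACCEPT', proto='icmp'),                      # 'icmp any'
    Rule('ACCEPT', proto='ipv6-crypt'),
    Rule('ACCEPT', proto='ipv6-auth'),
    Rule('ACCEPT', states=frozenset({'RELATED', 'ESTABLISHED'})),
    Rule('ACCEPT', proto='tcp', states=frozenset({'NEW'}), dpt=VNC_5901),
    Rule('ACCEPT', proto='tcp', states=frozenset({'NEW'}), dpt=VNC_5801),
    Rule('ACCEPT', proto='tcp', states=frozenset({'NEW'}), dpt=SSH),
    Rule('REJECT'),                                    # reject-with icmp-host-prohibited
]

def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every constrained field of the rule equals the packet's field."""
    for want, have in ((rule.proto, pkt.proto), (rule.in_iface, pkt.in_iface),
                       (rule.src, pkt.src), (rule.spt, pkt.spt), (rule.dpt, pkt.dpt)):
        if want is not ANY and want != have:
            return False
    if rule.states is not ANY and pkt.ctstate not in rule.states:
        return False
    return True

def verdict(pkt: Packet, chain=RH_FIREWALL_1_INPUT):
    """Return (target, 1-based rule number) of the first matching rule.

    The posted INPUT chain has a single rule that jumps every packet into
    RH-Firewall-1-INPUT, so this user chain alone decides the outcome; the
    chain policy (ACCEPT) would apply only if no rule matched, which the
    final catch-all REJECT prevents."""
    for n, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            return rule.target, n
    return 'ACCEPT (policy)', 0

if __name__ == '__main__':
    samples = {
        'external ping':             Packet('icmp', 'eth0', '203.0.113.5', 'NEW'),
        'new ssh connection':        Packet('tcp', 'eth0', '203.0.113.5', 'NEW', spt=40000, dpt=SSH),
        'new http connection':       Packet('tcp', 'eth0', '203.0.113.5', 'NEW', spt=40000, dpt=80),
        'reply to outbound http':    Packet('tcp', 'eth0', '198.51.100.7', 'ESTABLISHED', spt=80, dpt=40000),
        'ntp reply from clock1':     Packet('udp', 'eth0', 'clock1.redhat.com', 'ESTABLISHED', spt=NTP, dpt=NTP),
        'unsolicited ntp from host': Packet('udp', 'eth0', '203.0.113.5', 'NEW', spt=NTP, dpt=NTP),
    }
    for label, pkt in samples.items():
        print(f'{label:28s} -> {verdict(pkt)}')
```

Two things the walk makes visible that the counters alone only hint at: the `icmp any` rule sits before the state rule and carries no state match, so an unsolicited echo request from outside is accepted on rule 6 and is answered; and rule 4 is byte-for-byte the same as rule 2, so it can never be the first match, which is consistent with its zero packet count in the posted output.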