[KLUG Members] re: IPTables

[Mike Williams]

OK, here's an iptables-save

# Generated by iptables-save v1.2.6a on Fri Feb 21 13:08:49 2003
*filter
:INPUT ACCEPT [966:172775]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4949:814105]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -s 192.168.40.0/255.255.255.0 -p tcp -m tcp 
--tcp-flags
SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 192.168.40.0/255.255.255.0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK 
SYN -j
ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 15353 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK 
SYN -j
ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 
67:68 -j ACC
EPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 
67:68 -j ACC
EPT


-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT


-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags 
SYN,RST,ACK SYN
 -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --tcp-flags 
SYN,RST,ACK SYN -
j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT 
--reject-with icm
p-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT 
--reject-with icmp-
port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --tcp-flags 
SYN,RST,ACK
SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --tcp-flags 
SYN,RST,ACK SYN -
j REJECT --reject-with icmp-port-unreachable
COMMIT

I separated out the most confusing line, but now that I have a little 
more info to work with, I'm taking a wild guess that -i lo means that 
this rule only applies to the loopback?  Although why there's an eth0 
and and an eth1 above it baffles me.  This machine doesn't have an eth1.