[KLUG Members] ACCEPT all -- anywhere anywhere, eh?

Adam Tauno Williams members@kalamazoolinux.org
Thu, 9 Jan 2003 15:20:47 -0500

Previous message: [KLUG Members] ProFTPD logging
Next message: [KLUG Members] ACCEPT all -- anywhere anywhere, eh?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is the redhat firewall config tool goobered?

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere           
...
Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http
flags:SYN,RST,ACK/SYN 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
flags:SYN,RST,ACK/SYN 
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     udp  --  k2.iserv.net         anywhere           udp spt:domain 
ACCEPT     udp  --  everest.iserv.net    anywhere           udp spt:domain 
REJECT     tcp  --  anywhere             anywhere           tcp
flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere           udp reject-with
icmp-port-unreachable 

Doesn't the "ACCEPT all -- anywhere anywhere" negate all the rules below it?

Previous message: [KLUG Members] ProFTPD logging
Next message: [KLUG Members] ACCEPT all -- anywhere anywhere, eh?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]