iptables file format - Redhat
-
iptables file format
Using RH-E-WS-3, where can I get a description of the
iptables file format? I have read numerous things
about it, but there are still lines that are not
explained.
Thanks,
Mike.
-
Re: iptables file format
Mike - EMAIL IGNORED wrote:
> Using RH-E-WS-3, where can I get a description of the
> iptables file format? I have read numerous things
> about it, but there are still lines that are not
> explained.
>
man iptables ?
If that is not enough, I suggest you get "Red Hat Linux Firewalls" by Bill
McCarty and published by redhat PRESS.
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 07:50:00 up 3 days, 7:14, 3 users, load average: 3.19, 3.16, 2.95
-
Re: iptables file format
On Mon, 21 Jun 2004 07:19:34 -0400, Mike - EMAIL IGNORED wrote:
> Using RH-E-WS-3, where can I get a description of the iptables file
> format? I have read numerous things about it, but there are still lines
> that are not explained.
The RH file format for iptables kind of sucks.
I run all of my rules from a bash script that has:
service iptables save
service iptables restart
as its last two lines.
That way you can use variables for addresses and ports and the commands
are complete. It also allows you to have all your rules backed up and to
maintain several versions if you want to.
--
i.m.
The USA Patriot Act is the most unpatriotic act in American history.
-
Re: iptables file format
Jean-David Beyer wrote:
>
> Mike - EMAIL IGNORED wrote:
> > Using RH-E-WS-3, where can I get a description of the
> > iptables file format? I have read numerous things
> > about it, but there are still lines that are not
> > explained.
> >
> man iptables ?
>
> If that is not enough, I suggest you get "Red Hat Linux Firewalls" by Bill
> McCarty and published by redhat PRESS.
I hope that I don't have to buy a book. As far as I can tell,
the man pages do not deal with my question. I am not asking how
to use iptables. I am asking what the lines in the iptables mean.
For example, the first two lines in the file generated by RH are:
*filter
:INPUT[0,0]
A few questions:
What is the '*' for?
What is the *filter line for?
What does the colon mean?
What does the [0,0] mean?
What is the :INPUT[0,0] line for?
And this is just the first two lines. Is there a document that
describes the format?
Thanks,
Mike.
-
Re: iptables file format -- this has gotten long; mea culpa.
Mike - EMAIL IGNORED wrote:
> Jean-David Beyer wrote:
>
>>Mike - EMAIL IGNORED wrote:
>>
>>>Using RH-E-WS-3, where can I get a description of the
>>>iptables file format? I have read numerous things
>>>about it, but there are still lines that are not
>>>explained.
>>>
>>
>>man iptables ?
>>
>>If that is not enough, I suggest you get "Red Hat Linux Firewalls" by Bill
>>McCarty and published by redhat PRESS.
>
>
> I hope that I don't have to buy a book. As far as I can tell,
> the man pages do not deal with my question. I am not asking how
> to use iptables. I am asking what the lines in the iptables mean.
> For example, the first two lines in the file generated by RH are:
> *filter
> :INPUT[0,0]
> A few questions:
> What is the '*' for?
> What is the *filter line for?
> What does the colon mean?
> What does the [0,0] mean?
> What is the :INPUT[0,0] line for?
> And this is just the first two lines. Is there a document that
> describes the format?
>
I must guess, but I am sure I am mostly right.
There seem to be three _asterisk_ lines:
*filter
*mangle
*nat
that denote the tables actually being defined. I believe they are comments.
The _colon_ lines are also comments with a name and two comma-separated
numbers in brackets. These seem to specify the number of packets the rule
handled and the number of bytes processed. The _colon_ lines appear thus,
and are comments.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
These rules received no packets and therefore no bytes.
The other type looks like this:
[2104:369553] -A INPUT -i lo -j ACCEPT
This rule in the INPUT table says if something comes in from the loopback
interface, it should be accepted. The numbers say it received 2104
packets, totalling 369553 bytes.
Whatever the syntax, iptables can handle such a file when diddled by
something like /etc/rc.d/init.d/iptables start
Now my shell script that I use to set it all up in the first place has
none of that. A few lines from here and there look like this:
$IPT -P INPUT DROP # Set default policy to DROP
$IPT -P OUTPUT DROP # Set default policy to DROP
$IPT -P FORWARD DROP # Set default policy to DROP
$IPT -F # Flush all chains
$IPT -X # Delete all userchains
#
#
for table in filter nat mangle; do
$IPT -t $table -F # Delete the table's rules
$IPT -t $table -X # Delete the table's chains
$IPT -t $table -Z # Zero the table's counters
done
$IPT -A INPUT -j SHUN
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -j IN_IP_CHECK
$IPT -A INPUT -j IN_FIREWALL
$IPT -A INPUT -j BAD_INPUT
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 22:05:00 up 3 days, 21:29, 3 users, load average: 4.18, 3.96, 3.53
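The lines Mike asks about and Jean-David guesses at above are the iptables-save format that `service iptables save` writes: `*filter` opens a table, `:INPUT DROP [0:0]` declares a chain with its default policy and its packet:byte counters, `[pkts:bytes] -A ...` is a rule with counters, and `COMMIT` ends the table. As an added example (not from the thread), here is a small Python parser for that format plus a check that lists built-in filter chains left at policy ACCEPT; the sample file is constructed.

```python
import re
SAMPLE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [15:1200]
:SHUN - [0:0]
[2104:369553] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -j SHUN
COMMIT
"""
CHAIN_RE = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")      # :CHAIN POLICY [pkts:bytes]
RULE_RE = re.compile(r"^(?:\[(\d+):(\d+)\] )?-A (\S+) (.*)$")  # [pkts:bytes] -A CHAIN spec

def _fields(regex, line):
    m = regex.match(line)
    if not m:
        raise ValueError("unrecognised line: %r" % line)
    return m.groups()

def parse_iptables_save(text):
    """Return {table: {"chains": {name: {...}}, "rules": [...]}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or '#' comment
            continue
        if line.startswith("*"):               # '*filter' opens a table
            table = line[1:]
            tables[table] = {"chains": {}, "rules": []}
        elif line == "COMMIT":                 # closes the current table
            table = None
        elif table is None:
            raise ValueError("line outside *table/COMMIT: %r" % line)
        elif line.startswith(":"):             # chain declaration with counters
            name, policy, pkts, byts = _fields(CHAIN_RE, line)
            tables[table]["chains"][name] = {  # '-' = user chain, no policy
                "policy": None if policy == "-" else policy,
                "packets": int(pkts), "bytes": int(byts)}
        else:                                  # rule, optional counter prefix
            pkts, byts, chain, spec = _fields(RULE_RE, line)
            tables[table]["rules"].append({
                "chain": chain, "spec": spec,
                "packets": int(pkts or 0), "bytes": int(byts or 0)})
    return tables

def open_default_policies(tables):
    """Built-in filter chains whose default policy is ACCEPT, worth a review."""
    chains = tables.get("filter", {}).get("chains", {})
    return [n for n, c in chains.items() if c["policy"] == "ACCEPT"]
```

Run it over `iptables-save` output to see which chains still default to ACCEPT and which rules have never matched a packet.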
-
Re: iptables file format
Hi Mike,
Was just at this site last night, they got a lot of good info and
examples,
hope this is what you're looking for.
http://www.netfilter.org
-Dennis
"Mike - EMAIL IGNORED" wrote in message
news:40D6C446.D592C8B4@yahoo.com...
> Using RH-E-WS-3, where can I get a description of the
> iptables file format? I have read numerous things
> about it, but there are still lines that are not
> explained.
>
> Thanks,
> Mike.
>