32 | | ACCEPT tcp -- larry.isp.ca currly.isp.ca dpt:ssh |
33 | | ACCEPT tcp -- moe.isp.ca currly.isp.ca tcp dpt:ssh |
34 | | ACCEPT tcp -- larry.isp.ca currly.isp.ca tcp dpt:2301 |
35 | | ACCEPT tcp -- moe.isp.ca currly.isp.ca tcp dpt:2301 |
| 32 | ACCEPT tcp -- larry.isp.ca curly.isp.ca dpt:ssh |
| 33 | ACCEPT tcp -- moe.isp.ca curly.isp.ca tcp dpt:ssh |
| 34 | ACCEPT tcp -- larry.isp.ca curly.isp.ca tcp dpt:2301 |
| 35 | ACCEPT tcp -- moe.isp.ca curly.isp.ca tcp dpt:2301 |
| 49 | The output of either command will group the lines above into three sections called "chains". Each chain represents inbound packets (Chain INPUT), outbound packets (Chain OUTPUT) and packets that are to be passed transparently to other machines (Chain FORWARD). The only one you should concern yourself with, and the only one being used on this page or in these examples is Chain INPUT. We're only concerned with being able to accept packets from other machines. |
| 50 | |
| 51 | You will also notice several special lines that have "state" listed as their destination, likely with ESTABLISHED, RELATED or something similar. These are special entries and should never be modified by you. In addition, you will see a lot of entries for "dpt:22" or "dpt:ssh". '''Never change these without consultations from your fellow Conifer admins!''' These entries allow for ssh between the various machines and allow you to ssh into the machines. If you remove them, you will not be able to interact remotely with the server anymore! If this happens, you need to call our isp, and have them fix it. |
| 52 | |
| 53 | The output is easier to read from right to left. dpt = "destination port" so the first reads: |
| 54 | |
| 55 | "packets destined for port 22 on curly.isp.ca - that are from larry.isp.ca - should be accepted." |
| 56 | |
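Review bot: Line 32 of the corrected sample still reads `curly.isp.ca dpt:ssh` while lines 33 to 35 read `curly.isp.ca tcp dpt:ssh`. The missing `tcp` token is in the old version too, but it makes the first rule look like a different kind of entry from the other three, so it is worth adding in the same edit that fixes the hostname. The walkthrough at line 55 also says "port 22" although the rule it is reading shows `dpt:ssh`. Line 51 mentions both spellings without saying they are the same port, so a short remark to that effect near line 53 would save the reader from guessing.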