Changes between Version 4 and Version 5 of sysadminiptables


Timestamp:
Jun 20, 2009, 12:34:26 PM (13 years ago)
Author:
risard
Comment:

--

  • sysadminiptables

    v4 v5  
    3030{{{
    3131    target     prot opt source        destination
    32     ACCEPT     tcp  --  larry.isp.ca  currly.isp.ca dpt:ssh
    33     ACCEPT     tcp  --  moe.isp.ca  currly.isp.ca tcp dpt:ssh
    34     ACCEPT     tcp  --  larry.isp.ca currly.isp.ca tcp dpt:2301
    35     ACCEPT     tcp  --  moe.isp.ca  currly.isp.ca tcp dpt:2301
     32    ACCEPT     tcp  --  larry.isp.ca  curly.isp.ca dpt:ssh
     33    ACCEPT     tcp  --  moe.isp.ca  curly.isp.ca tcp dpt:ssh
     34    ACCEPT     tcp  --  larry.isp.ca curly.isp.ca tcp dpt:2301
     35    ACCEPT     tcp  --  moe.isp.ca  curly.isp.ca tcp dpt:2301
    3636}}}
    3737
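Review bot: the hostname fix (currly to curly) is applied consistently to all four rows, but line 32 still differs from the other three in a way the change does not address: it reads `larry.isp.ca  curly.isp.ca dpt:ssh` while lines 33 to 35 all carry the `tcp` prefix in the options column (`tcp dpt:ssh`, `tcp dpt:2301`). If these rows are meant to be a transcription of real listing output, line 32 is most likely missing that `tcp` as well; making the four rows uniform would let readers compare them against their own output without wondering whether the first rule is somehow different.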
     
    4747'''NOTE:''' that the command requires the use of sudo to use.
    4848
     49The output of either command will group the lines above into three sections called "chains".  Each chain represents inbound packets (Chain INPUT), outbound packets (Chain OUTPUT) and packets that are to be passed transparently to other machines (Chain FORWARD).  The only one you should concern yourself with, and the only one being used on this page or in these examples is Chain INPUT.  We're only concerned with being able to accept packets from other machines.
     50
     51You will also notice several special lines that have "state" listed as their destination, likely with ESTABLISHED, RELATED or something similar.  These are special entries and should never be modified by you.  In addition, you will see a lot of entries for "dpt:22" or "dpt:ssh".  '''Never change these without consultations from your fellow Conifer admins!'''  These entries allow for ssh between the various machines and allow you to ssh into the machines.  If you remove them, you will not be able to interact remotely with the server anymore!  If this happens, you need to call our isp, and have them fix it.
     52
     53The output is easier to read from right to left.  dpt = "destination port" so the first reads:
     54
     55"packets destined for port 22 on curly.isp.ca - that are from larry.isp.ca - should be accepted." 
     56
    4957
    5058
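Review bot: the NOTE on the first line of this hunk is ungrammatical as added ("'''NOTE:''' that the command requires the use of sudo to use."); suggest "'''NOTE:''' the command requires sudo." In the warning paragraph, "Never change these without consultations from your fellow Conifer admins!" reads better as "without consultation with your fellow Conifer admins", and "call our isp" should be "call our ISP". Finally, the worked reading of line 32 promises a right-to-left walk through the columns but only names the values; it would be clearer to name the columns as it goes (destination port ssh/22, destination curly.isp.ca, source larry.isp.ca, target ACCEPT), so the reader can map the sentence back onto the "target prot opt source destination" header shown earlier on the page.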