Changes between Version 5 and Version 6 of sysadminiptables


Timestamp:
Jun 20, 2009, 12:45:36 PM (13 years ago)
Author:
risard
Comment:

--

  • sysadminiptables

    v5 v6  
    4949The output of either command will group the lines above into three sections called "chains".  Each chain represents inbound packets (Chain INPUT), outbound packets (Chain OUTPUT) and packets that are to be passed transparently to other machines (Chain FORWARD).  The only one you should concern yourself with, and the only one being used on this page or in these examples is Chain INPUT.  We're only concerned with being able to accept packets from other machines.
    5050
    51 You will also notice several special lines that have "state" listed as their destination, likely with ESTABLISHED, RELATED or something similar.  These are special entries and should never be modified by you.  In addition, you will see a lot of entries for "dpt:22" or "dpt:ssh".  '''Never change these without consultations from your fellow Conifer admins!'''  These entries allow for ssh between the various machines and allow you to ssh into the machines.  If you remove them, you will not be able to interact remotely with the server anymore!  If this happens, you need to call our isp, and have them fix it.
     51You will also notice several special lines that have "state" listed as their destination, likely with ESTABLISHED, RELATED or something similar.  These are special entries and should never be modified by you.  In addition, you will see a lot of entries for "dpt:22" or "dpt:ssh".  '''Never change these without consultations from your fellow Conifer admins! '''  These entries allow for ssh access between the various servers and allow you to ssh into the machines.  If you remove them, you will not be able to interact remotely with the server anymore!  If this happens, you need to call our isp, and have them fix it.
    5252
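Review bot: v6 line 51 introduces a space before the closing ''' in "admins! '''", which leaves trailing whitespace inside the bold span; close the markup directly after the exclamation mark, as v5 did. While this sentence is being edited, "consultations from" would read better as "consulting", and the recovery step "call our isp" would be more useful with a pointer to where the ISP contact details are kept.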
    53 The output is easier to read from right to left.  dpt = "destination port" so the first reads:
     53The output is easier to read from right to left.  dpt = "destination port" so
     54{{{
     55    target     prot opt source        destination
     56    ACCEPT     tcp  --  larry.isp.ca  curly.isp.ca dpt:ssh
     57}}}
     58reads
     59{{{
     60    "packets destined for the ssh port on curly - that are from larry - should be accepted." 
     61}}}
    5462
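Review bot: v6 lines 59-61 place the plain-English reading of the rule inside a preformatted block, so prose is rendered as if it were command output; keep the preformatted block for the iptables listing at lines 54-57 and leave the reading as an ordinary quoted sentence. The new wording also replaces "port 22" with "the ssh port", although the paragraph above mentions both "dpt:22" and "dpt:ssh"; writing "the ssh port (22)" would keep the link between the two forms for a reader who sees the numeric one.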
    55 "packets destined for port 22 on curly.isp.ca - that are from larry.isp.ca - should be accepted." 
     63=== Setting Iptables ===
    5664
    57 
    58 
    59 
    60 
    61 In Debian Lenny there are two ways to change iptables.  You can issue commands at the shell prompt using the iptables command.  When you do this, it's important to nt
     65In Debian Lenny there are two ways to change iptables.  You can edit the tables interactively at the shell using the iptables command and then save them with iptables-save command, or you can edit the file where the tables are stored directly and then apply them.    When you set do this, it's important to nt
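Review bot: v6 line 65 ends mid-sentence ("When you set do this, it's important to nt"): the revision adds a stray "set" and carries over the unfinished "nt" from v5, so the one thing the reader is told is important is never stated. Finish that sentence or drop it. The new text also refers to "the file where the tables are stored" without naming it, and says to save with iptables-save without noting that the command writes the ruleset to standard output and has to be redirected into that file.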