# The first two lines are explanatory comments
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
# Use the filter table
*filter
# The next four lines define the built-in INPUT, FORWARD and OUTPUT chains, each with a default policy of ACCEPT, and create a new chain called RH-Firewall-1-INPUT
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
# Write all incoming data to the log file
-A INPUT -j LOG --log-level crit
# The following rule is added to the INPUT chain; all packets sent to the INPUT chain jump to the RH-Firewall-1-INPUT chain.
-A INPUT -j RH-Firewall-1-INPUT
# The following rule is added to the FORWARD chain; all packets sent to the FORWARD chain jump to the RH-Firewall-1-INPUT chain.
-A FORWARD -j RH-Firewall-1-INPUT
# The following rule is added to the RH-Firewall-1-INPUT chain. It matches all packets whose inbound interface (-i) is the loopback interface (lo).
# Packets that match this rule are all accepted (ACCEPT); no other rules are compared against them.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# The following rule denies (drops) all ICMP packets. -p is the protocol, such as icmp, tcp or udp. After -p, --sport is the source port and --dport is the destination port.
# -j specifies the target the packet is sent to, such as ACCEPT, DROP, QUEUE and so on.
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j DROP
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# -m state --state ESTABLISHED,RELATED: this condition means that all packets in the ESTABLISHED or RELATED state are accepted.
# -m state --state NEW: this condition applies when the connection is in its initial state (NEW).
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DROP -s 222.221.7.84
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

iptables is a stateful inspection firewall.
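
The rules in the RH-Firewall-1-INPUT chain are compared in file order and the first match decides, which is why the DROP for 222.221.7.84 on port 80 sits before the general port-80 ACCEPT. The Python sketch below is an added example, not part of the original file: it replays a constructed excerpt of the chain against sample packets. The packet dictionaries and the helper names (parse, matches, verdict, swap) are assumptions, and addresses are compared by exact string match only.

```python
import shlex

# Constructed excerpt of the RH-Firewall-1-INPUT chain above, in file order.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DROP -s 222.221.7.84
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# Single-value options this sketch turns into match constraints.
FIELDS = {"-i": "iface", "-p": "proto", "-s": "src", "-d": "dst",
          "--dport": "dport", "--state": "state"}

def parse(line):
    """Split one '-A <chain> ...' line into (constraints, target)."""
    tok = shlex.split(line)[2:]                  # drop "-A <chain>"
    match, target = {}, None
    for opt, val in zip(tok[0::2], tok[1::2]):   # every option here takes one value
        if opt == "-j":
            target = val
        elif opt in FIELDS:
            match[FIELDS[opt]] = val
        # -m <module>, --icmp-type any and --reject-with add no constraint here
    return match, target

def matches(match, pkt):
    """True when every constraint holds; --state may list several states."""
    return all(str(pkt.get(k, "")) in want.split(",") for k, want in match.items())

def verdict(pkt, rules=RULES):
    """Return (rule number, target) of the first rule that matches."""
    for n, line in enumerate(rules.strip().splitlines(), 1):
        match, target = parse(line)
        if matches(match, pkt):
            return n, target
    return 0, "RETURN"                           # no match: back to the calling chain

def swap(rules, a, b):
    """Return the rule text with rules a and b (1-based) exchanged."""
    lines = rules.strip().splitlines()
    lines[a - 1], lines[b - 1] = lines[b - 1], lines[a - 1]
    return "\n".join(lines)
```

For a NEW TCP packet to port 80 from 222.221.7.84, verdict() returns rule 5 with DROP; after swap(RULES, 5, 6) the same packet reaches the ACCEPT first and the block never applies.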