iptables question

[Red Squirrel]

This is what I have in my status:


Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT all -- 12.96.160.0/24 0.0.0.0/0
3 ACCEPT all -- 67.19.0.0/24 0.0.0.0/0
4 ACCEPT all -- 216.234.234.0/24 0.0.0.0/0
5 ACCEPT all -- 70.85.125.0/24 0.0.0.0/0
6 ACCEPT all -- 70.84.160.0/24 0.0.0.0/0
7 ACCEPT all -- 216.40.193.0/24 0.0.0.0/0
8 ACCEPT all -- 66.98.240.192/26 0.0.0.0/0
9 ACCEPT all -- 209.85.4.0/26 0.0.0.0/0
10 ACCEPT all -- 216.12.193.9 0.0.0.0/0
11 ACCEPT all -- 75.125.126.8 0.0.0.0/0
12 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:34
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21

Chain FORWARD (policy DROP)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination




What does line 12 mean? From looks of it, thats allowing everything through, but yet its not. So what is it and why is it there? (I never added it).

 

[Brazen]

I would think that means it's allowing everything. Or maybe allowing nothing. I do all my iptables admin from Webmin though, so I'm not very familiar with how it looks on the command line (one of the few instances, I prefer a gui over the command line).

 

[degibson]

0.0.0.0/0

This rule matches exactly 0 IP addresses. Hence, I would imagine it does nothing, unless there's some iptables magic at work here that I'm not familiar with.

 

[Red Squirrel]

Hmm figured that meant "any" IP address. Is there a reason that rule would exist and shoudl I worry about it?

 

[degibson]

Beats me :/

 

[Red Squirrel]

Anyone know of a good iptables resource? I want to learn this stuff, from command line perspective. I'll be coding a control panel for web hosting so I will most likely incorporate a firewall tool in there as well.

 

[Netopia]

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Perhaps?

Joe

 

[Johnniewalker]

Usually, that does mean all ips.