Archived from groups: comp.security.firewalls
On Mon, 21 Jun 2004 21:07:26 -0400, the right honourable Mike - EMAIL
IGNORED <m_d_beger_1900@yahoo.com> wrote:
>
>
>Wolfgang Kueter wrote:
>>
>> Mike - EMAIL IGNORED wrote:
>>
>> > Using RH-E-WS-3, where can I get a description of the
>> > iptables file format?
>>
>> Usually iptables commands are put together in some (bash) shell script,
>> which is just an ascii text file.
>>
>> > I have read numerous things
>> > about it, but there are still lines that are not
>> > explained.
>>
>> man iptables
>> http://www.iptables.org/documentation/
>>
>> Wolfgang
>As far as I can tell, the man pages do not deal with my question.
>I am not asking how to use iptables. I am asking what the lines
>in the iptables mean. For example, the first two lines in the file
>generated by RH are:
> *filter
> :INPUT[0,0]
>A few questions:
> What is the '*' for?
> What is the *filter line for?
> What does the colon mean?
> What does the [0,0] mean?
> What is the :INPUT[0,0] line for?
>And this is just the first two lines. Is there a document that
>describes the format?
>
>Thanks,
>Mike.
I don't think you want to know about these lines you are referring to.
They are a sort of compilation of the rules you write in a BASH
script, like
#!/bin/bash
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -t nat -P OUTPUT DROP
iptables -t nat -F
etc...
When starting iptables, you execute this bash script.
After that, you can do iptables-save to save your rules in a compiled
fashion that will load quicker later, with iptables-restore.
You find the docs here:
http://www.netfilter.org/documentation/index.html#documentation-howto
Erik
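
The kind of lines Mike asks about, read by a small parser; this is an added example and not part of the thread. It assumes the layout that iptables-save writes: `*name` opens a table, `:CHAIN POLICY [packets:bytes]` declares a chain with its default policy and counters, `-A` lines are rules, and `COMMIT` ends the table. The sample ruleset and the function names are constructed for illustration.

```python
import re

# Constructed sample ruleset in iptables-save layout (not from the thread).
SAMPLE = """\
# constructed sample
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [12:840]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# ":CHAIN POLICY [packets:bytes]"; POLICY is "-" for user-defined chains.
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_ruleset(text):
    """Return {table: {"chains": {...}, "rules": [...], "committed": bool}}."""
    tables, cur = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line.startswith("*"):                  # "*filter" opens a table
            cur = tables.setdefault(
                line[1:], {"chains": {}, "rules": [], "committed": False})
        elif cur is None:
            raise ValueError(f"line {n}: outside any *table block: {line!r}")
        elif line.startswith(":"):                # chain declaration
            m = CHAIN_RE.match(line)
            if not m:
                raise ValueError(f"line {n}: malformed chain line: {line!r}")
            name, policy, pkts, nbytes = m.groups()
            cur["chains"][name] = {"policy": None if policy == "-" else policy,
                                   "packets": int(pkts), "bytes": int(nbytes)}
        elif line == "COMMIT":                    # closes the current table
            cur["committed"], cur = True, None    # mark it, then leave the block
        else:                                     # "-A ..." rule, kept verbatim
            cur["rules"].append(line)
    return tables

def accept_by_default(tables):
    """List (table, chain) pairs whose default policy is ACCEPT."""
    return [(t, c) for t, d in tables.items()
            for c, info in d["chains"].items() if info["policy"] == "ACCEPT"]

if __name__ == "__main__":
    print(accept_by_default(parse_ruleset(SAMPLE)))
```

A table that never reaches `COMMIT` comes back with `committed` set to False, which is worth checking before trusting a saved ruleset.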