From mboxrd@z Thu Jan  1 00:00:00 1970
From: Rachael <rachael.lists@gmail.com>
Subject: File iptables - howto
Date: Tue, 24 Oct 2006 23:30:27 +0100
Message-ID: <453E9403.8080509@gmail.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <linux-admin-owner@vger.kernel.org>
Sender: linux-admin-owner@vger.kernel.org
List-Id: <linux-admin.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
To: linux-admin <linux-admin@vger.kernel.org>

Hello,

I have this /etc/sysconfig/iptables file with the contents that follow
my signature.

My questions is, this is a file for NATing. If it is a file for a
firewall, for example, what should be in the place of "*nat" ?

Best Regards,
Rachael

*nat
-A POSTROUTING -s 10.1.1.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i vmnet1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport ntp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport x11 -j
ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT