Re: Firewall - basic config?
On Sat, 23 Apr 2016 13:04:36 -0400
Harris Paltrowitz <harrisupstate@yahoo.com> wrote:
> I noticed a mention of "microsoft-ds" in
> there... I assume this is just a protocol, and not a piece of
> software!

Yes, iptables is being helpful in giving you a common name for the port
or protocol used. It picks the name out of /etc/services, which is a
useful file to know about. There is also an /etc/protocols, which is a
list of actual IP protocols, but this is not as generally useful; tcp,
udp and icmp are the commonly-used ones. Many VPNs use other IP
protocols to carry the encrypted traffic.

Reco suggests using iptables -nvL which will give numeric IP addresses
and CIDR ranges, and avoid looking up either service names or DNS.

You might also try iptables -S which will list the rules in the form
that you would enter by hand as arguments to the iptables command. It is
a different view, and you may see things that are less obvious in the
-L view.

Remember that IPv6 is alive and well in quite a lot of hardware these
days, and there is an ip6tables to deal with it.

--
Joe
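
An added example, not part of the message above: Python that maps --dport numbers to names from /etc/services-format text, the lookup that yields "microsoft-ds" for port 445, and compares the INPUT policy in iptables -S and ip6tables -S listings. The services lines, rule listings and function names are constructed for illustration.

```python
import shlex

# Constructed sample in /etc/services format: name port/proto [aliases] [# comment]
SERVICES = """\
ssh             22/tcp                  # constructed comment
microsoft-ds    445/tcp
microsoft-ds    445/udp
"""
# Constructed `iptables -S INPUT` / `ip6tables -S INPUT` output, hypothetical host.
RULES_V4 = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
"""
RULES_V6 = """\
-P INPUT ACCEPT
"""

def parse_services(text):
    """Map (port, proto) -> first service name, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table.setdefault((int(port), proto), fields[0])
    return table

def summarize(rules, services):
    """Return (INPUT policy, [(proto, dport, name, source)]) from -S output."""
    policy, accepts = None, []
    for line in rules.splitlines():
        tok = shlex.split(line)
        opt = lambda flag, default=None: tok[tok.index(flag) + 1] if flag in tok else default
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"] and opt("-j") == "ACCEPT" and "--dport" in tok:
            proto, port = opt("-p", "any"), opt("--dport")
            name = services.get((int(port), proto), "?") if port.isdigit() else "?"
            accepts.append((proto, port, name, opt("-s", "anywhere")))
    return policy, accepts

def ipv6_left_open(v4, v6, services):
    """True when IPv4 INPUT defaults to DROP but IPv6 INPUT defaults to ACCEPT."""
    return summarize(v4, services)[0] == "DROP" and summarize(v6, services)[0] == "ACCEPT"

if __name__ == "__main__":
    print(summarize(RULES_V4, parse_services(SERVICES)))
```

On a real host the two listings would come from iptables -S INPUT and ip6tables -S INPUT run as root, and the services text from /etc/services.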