On Mon, Apr 12, 2010 at 8:31 AM, Tanstaafl <tansta...@libertytrek.org> wrote:
> On 2010-04-11 9:20 AM, Graham Murray wrote:
>> Tanstaafl <tansta...@libertytrek.org> writes:
>>> I'm a bit clueless when it comes to firewalls, and have no idea what
>>> these numbers mean/do:
>>>
>>> *raw
>>> :PREROUTING ACCEPT [4911:886011]
>>> :OUTPUT ACCEPT [4546:2818732]
>>> COMMIT
>
>> The numbers are [packets:bytes] which match the rule or table
>> concerned.
>
> Ok, so... I still don't know what they *mean*... i.e., is this a hole in
> my firewall? What is the raw table used for, in plain English?
>
> More importantly though...
>
> When I try to remove the nat and raw tables from my firewall, they don't
> go away. I have always kept my rules in a separate file, and when I want
> to make changes, I change the external file, then do iptables-restore <
> /path/to/iptables-current.
>
> (My rule set is very small, so this only takes a second or two, so it's
> not/never been a problem)
>
> I've been doing it this way for a long time, and all other changes I
> have ever made - e.g., opening a certain port for a certain host - work
> fine, but, when I comment out the raw and nat tables, then restore the
> rules, then do iptables-save > path/to/iptables-current-dump, the
> examined file still shows the raw and nat tables loaded... ???
>
Here is a very useful book. I think he is the expert. He will answer email.

LINUX FIREWALLS
Attack Detection and Response with iptables, psad, and fwsnort
by Michael Rash

ISBN-10: 1-59327-141-7
ISBN-13: 978-1-59327-141-1

No Starch Press, Inc.
555 De Haro Street, Suite 250, San Francisco, CA 94107
phone: 415.863.9900; fax: 415.863.9950; i...@nostarch.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data
Rash, Michael.
Linux firewalls : attack detection and response with iptables, psad, and fwsnort / Michael Rash.
p. cm.
Includes index.
ISBN-13: 978-1-59327-141-1
ISBN-10: 1-59327-141-7
1. Computers--Access control. 2. Firewalls (Computer security) 3. Linux. I. Title.
QA76.9.A25R36 2007
005.8--dc22
2006026679

--
If we can but prevent the government from wasting the labours of the people, under the pretence of taking care of them, they must become happy.
- Thomas Jefferson
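The two questions quoted above, what the [packets:bytes] pairs mean and why commenting the raw and nat stanzas out of the restore file does not make them disappear, can be checked offline against iptables-save text. This is an added example, not code from the thread; the dump it parses is constructed (only the raw stanza echoes the quoted excerpt) and it reads text only, never the running firewall.

```python
import re
# Constructed `iptables-save -c` output (not from the post); the raw stanza
# echoes the excerpt quoted in the thread, the other values are made up.
SAMPLE_DUMP = """\
*raw
:PREROUTING ACCEPT [4911:886011]
:OUTPUT ACCEPT [4546:2818732]
COMMIT
*nat
:PREROUTING ACCEPT [120:7200]
:POSTROUTING ACCEPT [85:5100]
COMMIT
*filter
:INPUT DROP [10:600]
:OUTPUT ACCEPT [4546:2818732]
[4000:800000] -A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""
# The poster's restore file after commenting out the raw and nat stanzas.
RESTORE_FILE = ("#*raw\n#:PREROUTING ACCEPT [0:0]\n#COMMIT\n*filter\n"
                ":INPUT DROP [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n")
CHAIN_RE = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")

def parse_dump(text):
    """Return {table: {chain: (policy, packets, bytes)}}. The [packets:bytes] on a
    ':CHAIN POLICY' line counts traffic that matched no rule and hit the policy."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                 # a commented-out stanza is simply absent
        if line.startswith("*"):
            current = line[1:]
            tables[current] = {}
        elif line == "COMMIT":
            current = None
        elif current is not None and CHAIN_RE.match(line):
            chain, policy, pkts, byts = CHAIN_RE.match(line).groups()
            tables[current][chain] = (policy, int(pkts), int(byts))
    return tables

def untouched_tables(kernel_dump, restore_file):
    """Tables loaded in the kernel but not named in the restore input: iptables-restore
    rewrites only the tables it is given, so these keep their rules and counters."""
    restored = parse_dump(restore_file)
    return [t for t in parse_dump(kernel_dump) if t not in restored]

def empty_stanza(table, chains):
    """Stanza that restores `table` with its built-in chains (raw/nat default to
    ACCEPT) and no rules: the way to clear it, since a loaded table cannot be dropped."""
    return "*%s\n%s\nCOMMIT\n" % (table, "\n".join(":%s ACCEPT [0:0]" % c for c in chains))
```

With policy ACCEPT on the raw chains, those counters are packets that passed through untouched, not packets that were blocked; to clear raw or nat, restore them explicitly with an empty stanza instead of commenting them out.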