That works better, thanks. With the extra output, I see that the third rule only relates to the 'lo' loopback interface, which makes sense. Kind of a flaw that iptables -L did not tell me this crucial bit of info.
Thanks, Nick. Michal 'hramrach' Suchanek wrote: > Nick Thompson wrote: > >> Hello, >> >> With LM8.1 I am trying to shore up my machine using Bastille - I >> don't need anything complex. Setup went fine, but now I'm tring to >> understand what it has done. iptables -L says: >> >> Chain INPUT (policy DROP) >> target prot opt source destination >> DROP tcp -- anywhere 127.0.0.0/8 >> ACCEPT all -- anywhere anywhere state >> RELATED,ESTABLISHED >> ACCEPT all -- anywhere anywhere >> DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere >> PUB_IN all -- anywhere anywhere >> PUB_IN all -- anywhere anywhere >> PUB_IN all -- anywhere anywhere >> >> ...snip the rest which seems fine. Rule 3 & 4 in the input chain >> confuse me. Rule 3 looks like it will accept anything what so ever, >> so none of the following rules will be used. Have I misunderstood? >> > I was confused by this as well. Try > #service bastille-firewall status > it lists additional criteria that are not shown by iptables -L. It > looks fine then (I think). Perhaps there's some option for more > verbose output.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com