LinuxQuestions.org > Fedora > iptables defaults set by system-config-securitylevel: why are ports 50 and 51 opened?
https://www.linuxquestions.org/questions/fedora-35/iptables-defaults-set-by-system-config-securitylevel-why-are-ports-50-and-51-opened-234328/

meonkeys 09-23-2004 11:23 AM

iptables defaults set by system-config-securitylevel: why are ports 50 and 51 opened?
 
I initially used a utility called 'system-config-securitylevel' to set up a firewall that only allows incoming SSH connections.

I used 'iptables-save' to dump the chains. What the heck are 'esp' and 'ah' (I think they correspond to ports 50 and 51)?
Code:

# Generated by iptables-save v1.2.9 on Thu Sep 23 09:00:27 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7594:643524]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Sep 23 09:00:27 2004

When I use 'iptables -L' to list the chains, I see the following:
Code:

Chain INPUT (policy ACCEPT)
target    prot opt source              destination       
RH-Firewall-1-INPUT  all  --  anywhere            anywhere           

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       
RH-Firewall-1-INPUT  all  --  anywhere            anywhere           

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    ipv6-crypt--  anywhere            anywhere           
ACCEPT    ipv6-auth--  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited


meonkeys 09-23-2004 11:41 AM

partially answered my own question
 
Ok, I guess those two mystery chains are for ipv6-crypt and ipv6-auth, and the protocols(?) are nicknamed 'esp' and 'ah', and are 'ipv6-crypt' and 'ipv6-auth', respectively. More information on IPSEC.

I still don't understand this stuff, however. Anyone have a brief but useful summary on why I might want these two chains in my firewall?

Code:

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

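The two rules in question match IP protocols, not ports: ESP is IP protocol 50 and AH is IP protocol 51, the two packet formats IPsec uses to carry encrypted and authenticated traffic. Because they sit beside TCP and UDP rather than inside them, they carry no port number and cannot be matched with --dport, and an inbound IPsec packet from a remote peer is NEW as far as the state match is concerned, so the RELATED,ESTABLISHED rule would not admit it. That is why the generated ruleset accepts the two protocols outright: on a host that terminates an IPsec tunnel they are needed; on a host that does not, they are an accept rule for traffic the machine will never use. (The ruleset opens neither UDP 500 for IKE, so a peer-initiated key negotiation would still be rejected; only manually keyed or locally initiated SAs would benefit as listed.) The script below is an added example, not code from the thread or from system-config-securitylevel: it audits an iptables-save dump (constructed inline from the one posted above) for ACCEPT rules that admit a whole protocol with no state, port or interface qualifier, and emits a copy with the ESP/AH rules removed for a host that does not use IPsec. The function names and the audit heuristic are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an iptables-save dump for
# rules that ACCEPT an entire IP protocol with no further qualifier, and produce
# a copy of the dump without the IPsec (ESP/AH) rules for a host that does not
# terminate IPsec. Function names and the heuristic are this example's own.

# Constructed input: the RH-Firewall-1-INPUT ruleset posted in the thread.
RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Describe a protocol the way iptables -p accepts it: by name from /etc/protocols
# or by number. ESP and AH are IP protocols, not TCP/UDP ports, which is why the
# rules for them carry no --dport.
proto_desc() {
  case "$1" in
    esp|50) echo "ESP (IP protocol 50, IPsec Encapsulating Security Payload)" ;;
    ah|51)  echo "AH (IP protocol 51, IPsec Authentication Header)" ;;
    icmp|1) echo "ICMP (IP protocol 1)" ;;
    tcp|6)  echo "TCP (IP protocol 6)" ;;
    udp|17) echo "UDP (IP protocol 17)" ;;
    *)      echo "IP protocol $1" ;;
  esac
}

# Print the -p value of every ACCEPT rule that matches a whole protocol with no
# state, port or input-interface qualifier, one per line, in rule order.
unqualified_accepts() {
  printf '%s\n' "$1" | awk '
    /^-A/ && /-j ACCEPT/ && !/--state/ && !/--dport/ && !/--sport/ && !/-i / {
      for (i = 1; i <= NF; i++) if ($i == "-p") print $(i + 1)
    }'
}

# Human-readable audit report for a dump.
audit_report() {
  unqualified_accepts "$1" | while read -r p; do
    echo "unqualified ACCEPT for $(proto_desc "$p")"
  done
}

# Copy of the dump with the ESP/AH accept rules removed (by name or number),
# everything else untouched. Suitable as input to iptables-restore on a host
# that has no IPsec security associations.
strip_ipsec_rules() {
  printf '%s\n' "$1" | grep -v -E -e '-p (esp|ah|50|51) -j ACCEPT'
}

# Number of rule lines (-A ...) in a dump, for a before/after comparison.
rule_count() {
  printf '%s\n' "$1" | grep -c '^-A'
}

audit_report "$RULES"
echo "--- ruleset without the IPsec rules ---"
strip_ipsec_rules "$RULES"
```

Run it with `sh` against the embedded dump, or replace RULES with the output of `iptables-save` on a real host. Before loading the stripped copy with `iptables-restore`, confirm the host really has no IPsec in use (for example `ip xfrm state` printing nothing); if it does terminate IPsec, keep the ESP and AH rules and consider restricting them with `-s` to the known peer addresses instead of removing them.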

