Thanks for having me!
So… I did a fresh install of RHEL v6.7. I was setting up just NTP service and followed some tutorial on the interwebs. At some point is this tutorial it suggested that I should open port udp 123 so the server could receive NTP querys from other clients.
After that fresh install no configuration was done whatsoever.
When I checked the iptables service this is what I got.
[root@SVNTPRJO01 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination
I’m not a linux guy but reading man pages and some blog posts I understand that because of rule number 3 on the INPUT chain this server would accept anything from anywhere, including udp 123, right?
Is my understanding correct?
This server only has one nic (eth0).
The firewall is fine.
You need to add
-v to see the full output.
Then you will see that the rule you think is allowing access from anywhere, actually allows access only on the
lo interface, that is, anywhere on localhost.
You can open ports in the firewall configuration by running the
system-config-firewall-tui command in a terminal, or
system-config-firewall on a graphical system.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.