RHEL5 rh-firewall-1-input

I want to create my iptables configuration from scratch on RHEL5. Do I need to define and use the rh-firewall-1-input chain or can I just use the INPUT chain? I believe rh-firewall-1-input was removed starting RHEL6.

Responses

There's no specific requirement to use named chains. The only ones that iptables specifically cares about are OUTPUT, INPUT and FORWARD. That said, named chains can be very useful for "limiting damage" when you have multiple people administering a host. Instead of having everyone fiddling with INPUT, you can do jumpouts to named-chains and tell people, "make your changes in this chain".

Typically, I place my core rules in INPUT and my application rules into named-chains. The jumpouts to the other chains come after the core rules in INPUT. If I find someone's added further rules directly to INPUT, they typically get summarily deleted.
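The layout described in this answer, as an added example that is not part of the original thread: a baseline in the iptables-restore format used by /etc/sysconfig/iptables, plus a check that lists any rule added directly to INPUT. The chain names APP-WEB and APP-DB, the ports and the address are hypothetical sample values, and the check assumes the baseline is kept in the same form that `iptables-save` (without `-c`) prints.

```shell
#!/bin/sh
# Baseline: core rules live in INPUT, application rules in named chains.
# APP-WEB / APP-DB, the ports and 192.0.2.10 are constructed sample values.
baseline_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:APP-WEB - [0:0]
:APP-DB - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j APP-WEB
-A INPUT -j APP-DB
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A APP-WEB -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A APP-DB -s 192.0.2.10 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and print every INPUT rule that is not
# in the baseline. Rules inside the named chains are delegated to their
# owners, so they are deliberately not reported.
input_drift() {
    base=$(mktemp) || return 1
    baseline_rules | grep '^-A INPUT ' > "$base"
    grep '^-A INPUT ' | grep -Fxv -f "$base" || true
    rm -f "$base"
}

# On a host (as root):  iptables-save | input_drift
```

An empty result means INPUT still matches the baseline; each printed line is a rule someone appended to INPUT instead of to their named chain.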

That answered my question, Tom. Thank you very much for your response.