3

For what are these rules in the default iptables shipped with centos 5.4 ?

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

Do I need them for a web server with ftp, apache, ssh, mysql?

Thanks

chmeee

benjisail

2 Answers

5

The first two lines:

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

Analyzing /etc/protocols, these two correspond to IPsec:

esp     50      IPSEC-ESP       # Encap Security Payload [RFC2406]
ah      51      IPSEC-AH        # Authentication Header [RFC2402]

The third line:

-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT

From /etc/services udp port 5353 is multicast DNS:

mdns            5353/udp                        # Multicast DNS

And last, but not least:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

These ones correspond to cups printing services.

ipp             631/tcp                         # Internet Printing Protocol
ipp             631/udp

Related to your 'do I need them?' question, it depends:

  • Is it a vpn server?
  • Do you use multicast dns? Seems to be used by services like Apple's bonjour
  • Is it a printing server?

Since you state that it is a "web server with ftp, apache, ssh, mysql" I don't think you need them.

Besides, another question is: why are these rules there? You probably have packages you don't need on the server.

chmeee
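As an added example (not code from the question or either answer), here is a small POSIX sh audit that applies the answer's /etc/protocols and /etc/services lookup to an iptables-save dump and flags ACCEPT rules a web server with ftp, apache, ssh and mysql would not need. The sample dump and the NEEDED list are constructed for illustration.

```shell
# Added example, not from the question or answers: classify the ACCEPT rules in
# an iptables-save dump using the /etc/protocols and /etc/services numbers the
# answer cites, and flag any that a web/ftp/ssh/mysql host does not need.
# The dump below is constructed, not taken from a real host.
SAMPLE_RULES='-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Services this server actually runs (assumed list); any other ACCEPT rule is surplus.
NEEDED="ssh http ftp mysql"

# Map one rule to a service name: protocol 50/51 are esp/ah (IPsec),
# udp 5353 is mdns, tcp/udp 631 is ipp (CUPS), per /etc/protocols and /etc/services.
classify_rule() {
    set -- $1
    proto=""; dport=""
    while [ $# -gt 0 ]; do
        case "$1" in -p) proto="$2"; shift ;; --dport) dport="$2"; shift ;; esac
        shift
    done
    case "$proto/$dport" in
        50/|esp/)        echo "ipsec-esp" ;;
        51/|ah/)         echo "ipsec-ah" ;;
        udp/5353)        echo "mdns" ;;
        tcp/631|udp/631) echo "ipp" ;;
        tcp/22)          echo "ssh" ;;
        tcp/80)          echo "http" ;;
        tcp/21)          echo "ftp" ;;
        tcp/3306)        echo "mysql" ;;
        *)               echo "unknown($proto/$dport)" ;;
    esac
}

# "needed" when the service is in NEEDED, otherwise "surplus".
rule_verdict() {
    svc=$(classify_rule "$1")
    case " $NEEDED " in *" $svc "*) echo "needed" ;; *) echo "surplus" ;; esac
}

# Report every ACCEPT rule in the dump with its verdict.
printf '%s\n' "$SAMPLE_RULES" | while IFS= read -r line; do
    case "$line" in *"-j ACCEPT"*)
        printf '%-8s %-10s %s\n' "$(rule_verdict "$line")" "$(classify_rule "$line")" "$line" ;;
    esac
done
```

On a real host, replace SAMPLE_RULES with the output of `iptables-save` and adjust NEEDED to the services the machine actually runs.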
0

Do I need them?

That all depends on where your system is located. Is it hooked to the internet or to a LAN?

By the way, type 'setup' as root on the command line and there is a fairly easy-to-use tool to configure your firewall.

Niels Basjes