3

I've just installed iptables and have run the command below.

/sbin/iptables-save > /etc/iptables/rules.v4

When I then went to edit the file "/etc/iptables/rules.v4" I found it contained the lines below.

:INPUT ACCEPT [15079:4118707]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [153:28387]

Is anyone able to shed some light on what those numbers in the square brackets mean? I found the article linked below on securing a Raspberry Pi which has a section on iptables, but the numbers in the square brackets aren't the same as what I have, which has led me to ask the question.

https://makezine.com/2017/09/07/secure-your-raspberry-pi-against-attackers/

For reference the article has this instead.

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

I had mistakenly posted this question on Stack Overflow, and was told to post it here, but someone did answer and state that they were ports, and that iptables would only allow connections to the port range specified.

This didn't really make a whole lot of sense to me as I am able to connect to port 22 for SSH which is outside of the IP range mentioned in the square brackets. Is anyone able to explain it further perhaps?

sebasth
  • 14,872
AeroMaxx
  • 189
  • The answer on SO is nonsense. A TCP/UDP port number is a 16-bit unsigned integer, so the maximum port number is 65535. If the values above were a port range, it would define a range larger than the total number of available ports. – sebasth Sep 22 '17 at 09:06
  • Also, you should not cross-post the same question to three different stack exchange sites. – sebasth Sep 22 '17 at 09:12

1 Answer

5

Those are values for packet and byte counters for each chain.

With the -c option, iptables-save also outputs packet and byte counts for each rule. You can view these counts for active tables using iptables -L -v.

sebasth
  • 14,872
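
As an added illustration of the answer above (not part of the original post), this shell sketch reads iptables-save output and splits each bracket into its packet and byte counts, then shows that resetting the counters gives the [0:0] form seen in the article. The sample rules are constructed: the chain counters are the ones from the question, the rule line is made up in the form the -c option writes, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read the [packets:bytes] counters out of iptables-save text.

# Constructed sample. Chain counters are those quoted in the question;
# the rule line is invented, in the format `iptables-save -c` writes.
sample_rules() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [15079:4118707]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [153:28387]
[42:2520] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print one line per counter:
#   policy <table> <chain> <policy> <packets> <bytes>
#   rule   <table> <chain> <packets> <bytes>
counters() {
    awk '
    /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
    /^:/ {                                  # ":CHAIN POLICY [pkts:bytes]"
        split(substr($3, 2, length($3) - 2), c, ":")
        print "policy", table, substr($1, 2), $2, c[1], c[2]
        next
    }
    /^\[[0-9]+:[0-9]+\] -A / {              # "[pkts:bytes] -A CHAIN ..." (-c only)
        split(substr($1, 2, length($1) - 2), c, ":")
        print "rule", table, $3, c[1], c[2]
    }'
}

# Rewrite every counter to [0:0]; chains, policies and rules are unchanged,
# so the result is the same ruleset with fresh counters.
zero_counters() {
    sed -E -e 's/^(:[^ ]+ [^ ]+ )\[[0-9]+:[0-9]+\]$/\1[0:0]/' \
           -e 's/^\[[0-9]+:[0-9]+\] /[0:0] /'
}

# Stand-alone run on the constructed sample.
sample_rules | counters
```

On a live system the same function can be fed from `iptables-save -c` run as root; the counters only record traffic seen so far and do not restrict ports.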