Question
iptables rules
Do the rules accept SSH connections? (yes or no) (Does line "-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT" mean yes?)
Do the rules allow the analysis machine to be ping'd on the eth0 interface? (yes or no) (Does line "-A INPUT -i eth0 -p icmp -j ACCEPT" mean yes?)
# Generated by iptables-save v1.4.21 on Tue Oct 17 05:30:26 2017
*filter
:INPUT ACCEPT [422:35421]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6998:11222259]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.56.0/24 -d 143.215.130.30/32 -j ACCEPT
-A FORWARD -s 192.168.56.0/24 -d 54.202.185.61/32 -j ACCEPT
-A FORWARD -s 192.168.56.0/24 -d 130.207.0.0/16 -j DROP
-A FORWARD -s 192.168.56.0/24 -d 143.215.0.0/16 -j DROP
-A FORWARD -s 192.168.56.0/24 -d 128.61.0.0/16 -j DROP
-A FORWARD -p udp -m udp --dport 135:139 -j DROP
-A FORWARD -p tcp -m tcp --dport 135:139 -j DROP
-A FORWARD -p udp -m udp --dport 445 -j DROP
-A FORWARD -p tcp -m tcp --dport 445 -j DROP
-A FORWARD -s 192.168.56.0/24 -i vboxnet0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
# Completed on Tue Oct 17 05:30:26 2017
# Generated by iptables-save v1.4.21 on Tue Oct 17 05:30:26 2017
*mangle
:PREROUTING ACCEPT [6038:8407598]
:INPUT ACCEPT [6033:8407035]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6998:11222259]
:POSTROUTING ACCEPT [7068:11231649]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Tue Oct 17 05:30:26 2017
# Generated by iptables-save v1.4.21 on Tue Oct 17 05:30:26 2017
*nat
:PREROUTING ACCEPT [28:2457]
:INPUT ACCEPT [23:1894]
:OUTPUT ACCEPT [527:35545]
:POSTROUTING ACCEPT [8:723]
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 143.215.130.30:25
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Tue Oct 17 05:30:26 2017
Explanation / Answer
Yes, it's correct that the below given command allows incoming SSH connections.
It's also true that the rules allow the analysis machine to be pinged on the eth0 interface.
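A first-match walk of the INPUT chain from the dump above, added here as an illustration (it is not part of the original question or answer). The `parse` and `verdict` helpers and the sample packets are constructed for this example, and only the match options that appear in this chain are modeled.

```python
import shlex

# INPUT chain copied from the page's *filter table (":INPUT ACCEPT" is the policy).
RULES = """\
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth0 -j DROP
"""
POLICY = "ACCEPT"

def parse(line):
    """Every option in this chain is a flag/value pair, so pair the tokens up."""
    tok = shlex.split(line)
    return dict(zip(tok[::2], tok[1::2]))

def verdict(pkt):
    """Return (rule number, target) of the first matching rule, or (0, POLICY)."""
    for n, line in enumerate(RULES.splitlines(), 1):
        r = parse(line)
        if "-i" in r and r["-i"] != pkt["iface"]:
            continue
        if "-p" in r and r["-p"] != pkt["proto"]:
            continue
        if "--dport" in r and int(r["--dport"]) != pkt.get("dport"):
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        return n, r["-j"]          # first match wins; later rules are never reached
    return 0, POLICY               # nothing matched: the chain policy decides

# Constructed sample packets; "state" stands in for the conntrack state.
SSH = {"iface": "eth0", "proto": "tcp", "dport": 22, "state": "NEW"}
PING = {"iface": "eth0", "proto": "icmp", "state": "NEW"}
HTTP = {"iface": "eth0", "proto": "tcp", "dport": 80, "state": "NEW"}
SSH_VIRBR0 = {"iface": "virbr0", "proto": "tcp", "dport": 22, "state": "NEW"}

if __name__ == "__main__":
    for name, pkt in [("ssh", SSH), ("ping", PING), ("http", HTTP),
                      ("ssh on virbr0", SSH_VIRBR0)]:
        print(name, verdict(pkt))
```

Both ACCEPT rules take effect only because they sit before `-A INPUT -i eth0 -j DROP`; new traffic arriving on any interface other than eth0 matches no DROP rule and falls through to the ACCEPT policy.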