  #1  
Old 18th December 2006, 05:36 AM
SatelliteX Offline
iptables question

Something that confuses me about the FC4 firewall: rule number 1 is an accept-all rule!
Why is it there? Since this rule should yield a match for every incoming packet, won't this mean the firewall is off?

Here is what my iptables looks like:

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
DROP all -- 58.0.0.0/7 0.0.0.0/0
DROP all -- 210.0.0.0/7 0.0.0.0/0
DROP all -- 125.0.0.0/8 0.0.0.0/0
DROP all -- 222.0.0.0/8 0.0.0.0/0
DROP all -- 219.0.0.0/8 0.0.0.0/0
DROP all -- 220.0.0.0/7 0.0.0.0/0
DROP all -- 60.0.0.0/7 0.0.0.0/0
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1723
  #2  
Old 21st December 2006, 12:06 AM
stoggy Offline
Yes it would, but no, it's not ... hehe ... all the info doesn't get displayed when you do iptables -L, so the part that is important is getting left off.

if you:
cat /etc/sysconfig/iptables
The first rule in the RH-Firewall-1-INPUT chain is:
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

So you see it is accepting everything, but only on the lo device. This is the loopback device; it allows your computer to talk to your computer. This way, if your local computer needs to access a network service that it provides, it won't have to go out to the network and come right back to get what it needed. You need to allow this or your machine will run incredibly slow, and denying it would actually make you less secure.
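An added example, not part of either post: plain `iptables -L` omits the interface columns (`iptables -L -v` shows them), so a rule scoped to `lo` looks the same as a genuinely open one. The script below reads rules in the iptables-save format used by /etc/sysconfig/iptables and labels each ACCEPT rule accordingly; the function names and the sample ruleset are constructed for illustration, and only the `-i lo` line is taken from the thread.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. Only the "-i lo" rule comes
# from the thread; the remaining rules are made up for illustration.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j ACCEPT
COMMIT
EOF
}

# classify_accepts CHAIN: read iptables-save text on stdin and label every
# "-j ACCEPT" rule appended to CHAIN:
#   OPEN        no match options at all (accepts every packet reaching it)
#   SCOPED-IF   restricted only by input interface (invisible in plain -L)
#   MATCHED     carries other options (protocol, state, port, negation, ...)
#               and needs a manual read
classify_accepts() {
    awk -v chain="$1" '
    $1 == "-A" && $2 == chain {
        target = ""; iface = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j")      { target = $(i + 1); i++ }
            else if ($i == "-i") { iface = $(i + 1); i++ }
            else                 { other = 1 }
        }
        if (target != "ACCEPT") next
        if (other)            label = "MATCHED"
        else if (iface != "") label = "SCOPED-IF(" iface ")"
        else                  label = "OPEN"
        print label ": " $0
    }'
}

sample_rules | classify_accepts RH-Firewall-1-INPUT
```

On a live system the same function can be fed the saved ruleset, for example `classify_accepts RH-Firewall-1-INPUT < /etc/sysconfig/iptables`.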