What does the last part in the following rules means in term of traffic that is allowed in (dtp:domain, bootps) ? From my research I understand that bootps is bootstrap and dpt is destination port but I don't get what its actually doing or allowing and I doubt its allowing any packets in, as such default rules wouldn't make sense. (I looked in the man page for iptables but couldn't find the answer)
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps 2 2 Answers
The rules allow receiving UDP and TCP packets which were sent to ports 53 (named "domain"; the DNS port) and 67 (named "bootps"; the DHCP & BOOTP server port).
The names are from /etc/services, which itself comes from the master list maintained by IANA. These days "bootps" means DHCP, which is an improved form of the old BOOTP protocol.
In short, the rules were meant to allow the system to act as a DNS & DHCP server.
Side note 1: The 4th rule is somewhat useless, since DHCP/BOOTP never uses TCP. Whoever wrote the ruleset didn't care much.
Side note 2: In fact, note that the chain has "policy ACCEPT", which basically means that there's an implicit "accept anything" rule at the very bottom.
Since there are no rules that would reject or drop any packets, then all packets will be accepted, making all four rules redundant.
2The services "domain" and "bootps" are listed in /etc/services
Try grep 'domain' /etc/services to get the port number for the service.
Or iptables -nL to list your rules with port numbers instead of service name.