Firewall (IPTABLES)
                                IPTABLES
                                   |
              +--------------------+--------------------+
              |                    |                    |
        Filter Table            NAT Table          Mangle Table
        ~~~~~~~~~~~~            ~~~~~~~~~          ~~~~~~~~~~~~
        INPUT                   PREROUTING         PREROUTING   -\
        FORWARD                 POSTROUTING        INPUT          \
        OUTPUT                  FORWARD            FORWARD         > Chains
                                                   OUTPUT         /
                                                   POSTROUTING  -/
iptables -L             # lists the filter table only (the default table); use -t <TABLE> for the others
iptables -v -L          # -v adds packet/byte counters and interface columns
iptables -F             # flushes rules only; chain policies (-P) stay in place, so with a DROP policy this can cut off a remote session
iptables -v -F
iptables -L <CHAIN>
iptables -v -L <CHAIN>
iptables -F <CHAIN>
iptables -v -F <CHAIN>
iptables -L -t <TABLE>
iptables -v -L -t <TABLE>
iptables -F -t <TABLE>
iptables -v -F -t <TABLE>
iptables -L <CHAIN> -t <TABLE>
iptables -v -L <CHAIN> -t <TABLE>
iptables -F <CHAIN> -t <TABLE>
iptables -v -F <CHAIN> -t <TABLE>
iptables -P <CHAIN> <ACCEPT/DROP>
iptables -A/I <CHAIN> -j <ACCEPT/DROP/REJECT>     # -A appends to the end, -I inserts at the top; rules are checked in order and the first match wins
iptables -A/I <CHAIN> -s <SOURCE_IP> -j <ACCEPT/DROP/REJECT>
iptables -A/I <CHAIN> -d <DESTINATION_IP> -j <ACCEPT/DROP/REJECT>
iptables -A/I <CHAIN> -p <PROTOCOL> --dport <PORT_NO> -j <ACCEPT/DROP/REJECT>
iptables -A/I <CHAIN> -s <SOURCE_IP> -p <PROTOCOL> --dport <PORT_NO> -j <ACCEPT/DROP/REJECT>
iptables -A/I <CHAIN> -s <SOURCE_IP> -p <PROTOCOL> --dport <PORT_NO> -j <ACCEPT/DROP/REJECT> -t <TABLE>
iptables -D <CHAIN> <RULE_NO>                      # rule numbers are 1-based; show them with iptables -L --line-numbers
iptables -D <CHAIN> <RULE_NO> -t <TABLE>
iptables -R <CHAIN> <RULE_NO> <NEW_RULE>
service iptables save                              # Red Hat-family init script; equivalent to the line below
/etc/rc.d/init.d/iptables save
iptables-save -c > /etc/sysconfig/iptables         # -c also saves packet/byte counters
iptables-restore -c /etc/sysconfig/iptables        # older releases read only from stdin: iptables-restore -c < /etc/sysconfig/iptables