

OPS235 Lab 7 - CentOS7 - HD2

7 bytes removed, 18:02, 24 October 2016
no edit summary
# Issue the iptables command to verify that the INPUT policy has been set (look for the Policy section, NOT INPUT).<br><br>After the overall default policy is set, you can create rules that are "exceptions" to the default policy. These iptables commands are more complex since you need to determine: <ul><li>'''Where each rule appears in the chain'''? (order can be important)</li><li>'''Which protocol(s)''' are affected (eg. tcp, udp, icmp)</li><li>'''What source or destination IP Addresses''' are affected?</li><li>'''What port numbers''' are affected?</li><li>'''What action to take''' if all of the above conditions are met? (eg. ACCEPT, REJECT, DROP, or LOG)</li></ul><br>
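The following is an added example, not part of the original lab: a small Python model of a single chain that shows why rule position matters and when the default policy applies. The <code>Chain</code> class, its method names and the 192.0.2.x addresses are constructed for illustration; the comments name the corresponding iptables options.

```python
import ipaddress

class Chain:
    """Toy model of one iptables chain (constructed for illustration)."""
    def __init__(self, policy):
        self.policy = policy               # iptables -P INPUT <policy>
        self.rules = []

    def append(self, **rule):              # iptables -A INPUT ... (bottom of chain)
        self.rules.append(rule)

    def insert(self, pos=1, **rule):       # iptables -I INPUT [pos] ... (default: top)
        self.rules.insert(pos - 1, rule)

    def decide(self, proto, src, dport):
        """Return (verdict, numbers of LOG rules hit) for one packet."""
        logged = []
        for num, rule in enumerate(self.rules, start=1):
            if rule.get("proto") not in (None, proto):
                continue
            if rule.get("dport") not in (None, dport):
                continue
            net = ipaddress.ip_network(rule.get("src", "0.0.0.0/0"))
            if ipaddress.ip_address(src) not in net:
                continue
            if rule["target"] == "LOG":    # LOG does not end traversal
                logged.append(num)
                continue
            return rule["target"], logged  # first terminating match wins
        return self.policy, logged         # nothing matched: default policy

BLOCKED = "192.0.2.50"                     # constructed sample address

def appended_too_late():
    chain = Chain(policy="DROP")
    chain.append(proto="tcp", dport=22, target="ACCEPT")
    chain.append(proto="tcp", src=BLOCKED, dport=22, target="REJECT")
    return chain

def inserted_first():
    chain = appended_too_late()
    chain.insert(proto="tcp", src=BLOCKED, dport=22, target="REJECT")
    chain.insert(2, proto="tcp", dport=22, target="LOG")
    return chain

if __name__ == "__main__":
    for build in (appended_too_late, inserted_first):
        chain = build()
        print(build.__name__, chain.decide("tcp", BLOCKED, 22),
              chain.decide("tcp", "192.0.2.7", 22), chain.decide("udp", "192.0.2.7", 53))
```

In the first chain the appended REJECT is never reached because the broader ACCEPT above it matches first; inserting the REJECT at the top makes it take effect.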
:'''iptables Command Structure (for setting exceptions):'''<br><table width="100%" cellpadding="10" cellspacing="0" border="1"><tr><td>Place Rule in Chain</td><td>Chain Name</td><td>Specify Protocol</td><td>Source/Destination IPADDR</td><td>Port Number</td><td>Action to Take</td><td>Target</td></tr><tr><td>'''-A''' (add / Append to bottom of chain)<br>'''-I''' (insert at top of chain)<br>'''-I CHAIN-NAME 5''' (insert before line #5 in CHAIN-NAME)</td><td>'''INPUT'''<br>'''OUTPUT'''<br>'''FORWARD'''<br>'''CUSTOM-CHAIN-NAME'''</td><td>-p protocol (eg. tcp, udp, icmp)<br>(refer to '''/etc/services''' for available port numbers)</td><td>x</td><td>Port Number</td><td>x</td><td>x</td>
