OPS235 Lab 6 - Fedora17

28 bytes removed, 10:47, 5 March 2010
Investigation 8: How do I view and configure the IPTABLES firewall? -- Basic Function/Configuration
** <code>iptables -I OUTPUT -p tcp -s 0/0 -d 0/0 --dport 80 -j DROP</code>
{{Admon/note | | This command can be read like this: insert a line into the iptables OUTPUT chain that will look at tcp information and DROP any packet with a source address from anywhere, to a destination address anywhere, if the destination port is 80 (WWW). Let's break down the command to see how it works.
The '''-I''' switch tells iptables to INSERT this line into the OUTPUT chain. This means it will be the first line in the chain. If we had used the '''-A''' switch, it would have appended the line, making it the last line of the chain. If you are writing complex iptables rules where multiple matches can occur, it is important that the lines go in the right order. Most people simply write scripts to ensure this.
}}
* Try to access the Web. If you have done everything right, you should not have been successful.
* After you have completed the test execute the following command:
** <code>iptables -F</code>
** This will flush out all of the rules for iptables.
'''Additional Exercises'''
* Using the information you have learned, try on your own to achieve the same goal as above (block www access to your computer) by using the INPUT chain instead of the OUTPUT chain.
* After you have completed this task, flush the iptables again.
* Make sure that your ssh server is running on the host machine and try to access it from a virtual machine of your choice. Once you have confirmed that ssh is running on the host machine, modify the iptables setup on the host machine to prevent access to the ssh server from all VMs on the virtual machine network.
Open a text editor and write a script that will accomplish the above task for you when you run it. Show the script to your professor and execute it.
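The note above on '''-I''' versus '''-A''' says rule order matters when more than one rule can match. The following is an added example, not part of the original lab: a simplified shell model of a single chain in which the first matching rule decides the verdict. The rule format, function names and sample rules are constructed for illustration, and the script never touches the real firewall.

```shell
#!/bin/sh
# Simplified model of ONE iptables chain: the first matching rule wins.
# Constructed rule format: "proto dport target" ("any" = no --dport match).
CHAIN=""          # newline-separated rules, top of the chain first
POLICY="ACCEPT"   # chain policy, used when no rule matches

rule_append() {   # models iptables -A: rule goes to the bottom of the chain
    if [ -z "$CHAIN" ]; then CHAIN="$1"; else CHAIN="$CHAIN
$1"; fi
}

rule_insert() {   # models iptables -I with no rule number: rule goes on top
    if [ -z "$CHAIN" ]; then CHAIN="$1"; else CHAIN="$1
$CHAIN"; fi
}

rule_flush() { CHAIN=""; }   # models iptables -F

verdict() {       # verdict PROTO DPORT: print the target that would apply
    result="$POLICY"
    while read -r proto dport target; do
        [ -z "$proto" ] && continue
        if [ "$proto" = "$1" ] && { [ "$dport" = "any" ] || [ "$dport" = "$2" ]; }; then
            result="$target"; break   # first match decides, later rules are ignored
        fi
    done <<EOF
$CHAIN
EOF
    echo "$result"
}

demo() {
    rule_flush
    rule_append "tcp any ACCEPT"      # a broad rule already in the chain
    rule_append "tcp 80 DROP"         # -A: lands below the ACCEPT, never reached
    echo "appended DROP, tcp/80 -> $(verdict tcp 80)"
    rule_flush
    rule_append "tcp any ACCEPT"
    rule_insert "tcp 80 DROP"         # -I: lands above the ACCEPT, matches first
    echo "inserted DROP, tcp/80 -> $(verdict tcp 80)"
    echo "inserted DROP, tcp/22 -> $(verdict tcp 22)"
    rule_flush
}
demo
```

On a real system, <code>iptables -L OUTPUT -n --line-numbers</code> shows the actual order of the rules in the chain.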