IPTables
Revision as of 16:23, 27 July 2010 by Andrewgrimo
IPTables Command Structure and Overview
The intended audience for this document is Andrew Grimo's OPS235 class. It is a guide to IPTables in the context of what OPS235 is currently studying and therefore a variety of its complexities will not be explored here.
This is an outline of:
- how IPTables command lines are structured and understood
- an explanation of the rule specifications that we use
- sample commands that can be seen in the labs to relate to this document
Command Line Structure
At its core, an iptables command is made up of the following parts.
- The first line below identifies the structure of the commands we would use.
- The lines that follow are similar to those found in the iptables man pages.
- The items listed with [ ] square brackets are optional in the command.
    #iptables command chain     rule-spec([match,] target/jump )
              ------- --------- ----------------------
    #iptables -A chain rule-spec            (Appends a rule)
        ''    -D chain rule#                (Delete by rule number)
        ''    -D chain rule-spec            (Delete by rule-spec match)
        ''    -I chain [rule#] rule-spec    (Insert by rule-spec)
                                             The rule# is 1 by default
                                             Otherwise it is optional
        ''    -R chain rule# rule-spec      (Replace by rule#)
        ''    -P chain target               (Policy set for chain)
        ''    -F [chain]                    (Flush the rules from memory)
        ''    -L [chain] [--line-numbers]   (List current rules in memory)
        ''    -S [chain]                    (Shows the rules in memory in their command format)

    Other commands using "service"
    # service iptables status   (List rules currently in memory)
    # service iptables save     (Saves the current configuration into /etc/sysconfig/iptables )
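The commands above all act on a numbered, ordered list of rules, and since a packet stops at the first rule with a terminating target such as ACCEPT or DROP, where a rule lands matters. The following is an added example, not part of the original page: it models a single chain in a shell variable so you can watch rule numbers shift without root and without touching the real firewall. The helper names `ipt`, `list` and `demo` are hypothetical, and every rule in it is a constructed sample.

```shell
#!/bin/sh
# Added example: models ONE chain's rule list in a shell variable to show how
# rule numbers move. It never calls the real iptables and needs no root.
# ipt, list and demo are hypothetical helper names; all rules are constructed.
RULES=""   # one rule-spec per line; line N is rule# N

list() { printf '%s\n' "$RULES" | sed '/^$/d'; }   # rules in order, one per line

ipt() {    # usage: ipt <command> <chain> [rule#] [rule-spec]
    op=$1; shift
    [ $# -gt 0 ] && shift      # chain name is accepted but not modelled
    case $op in
    -A) RULES=$( { list; printf '%s\n' "$*"; } ) ;;          # append at the end
    -I) n=1                                                 # rule# defaults to 1
        case $1 in [0-9]*) n=$1; shift ;; esac
        RULES=$(list | awk -v n="$n" -v r="$*" \
            'NR==n {print r} {print} END {if (n==NR+1) print r}') ;;
    -D) case $1 in
        [0-9]*) RULES=$(list | awk -v n="$1" 'NR!=n') ;;    # delete by rule#
        *)      RULES=$(list | awk -v r="$*" \
                    '!hit && $0==r {hit=1; next} {print}') ;; # first spec match
        esac ;;
    -R) n=$1; shift                                         # replace in place
        RULES=$(list | awk -v n="$n" -v r="$*" 'NR==n {print r; next} {print}') ;;
    -F) RULES="" ;;                                         # flush all rules
    esac
}

demo() {
    RULES=""
    ipt -A INPUT -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -j DROP
    ipt -A INPUT -p tcp --dport 80 -j ACCEPT    # lands at rule 3, after the DROP
    ipt -D INPUT 3                              # remove it by number
    ipt -I INPUT 2 -p tcp --dport 80 -j ACCEPT  # re-add ahead of the DROP
    ipt -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # no rule#: 1
    ipt -R INPUT 2 -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT  # tighten ssh
    ipt -D INPUT -p tcp --dport 80 -j ACCEPT    # delete by rule-spec match
}

demo
list | nl      # numbered like: iptables -L INPUT --line-numbers
```

On a real system, run `iptables -L INPUT --line-numbers` before any `-D`, `-I` or `-R` that takes a rule#, because every insert or delete renumbers the rules after it.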