Open main menu

CDOT Wiki β

Changes

IPTables

2,289 bytes added, 16:23, 27 July 2010
Created page with '= IPTables Command Structure and Overview = The intended audience for this document is Andrew Grimo's OPS235 class. It is a guide to IPTables in the context of what OPS235 is c…'
= IPTables Command Structure and Overview =

The intended audience for this document is Andrew Grimo's OPS235 class. It is a guide to IPTables in the context of what OPS235 is currently studying and therefore a variety of its complexities will not be explored here.

This is an outline of
* how IPTables command lines are structured and understood
* an explanation of the rule specifications that we use
* sample commands that can be seen in the labs to relate to this document



== Command Line Structure ==

At its core basics, an Iptables command is made up of the following parts.

* The first line below identifies the structure of the commands we would use.
* The lines that follow are similar as found in the iptables man pages.
** the items listed with [ ] square brackets are optional in the command


<pre> #iptables command chain rule-spec([match,] target/jump )
------- --------- ----------------------
#iptables -A chain rule-spec (Appends a rule)
'' -D chain rule# (Delete by rule number)
'' -D chain rule-spec (Delete by rule-spec match)
'' -I chain [rule#] rule-spec (Insert by rule-spec)
The rule# is 1 by default
Otherwise it is optional
'' -R chain rule# rule-spec (Replace by rule#)
'' -P chain target (Policy set for chain)

'' -F [chain] (Flush the rules from memory)
'' -L [chain] [--line-numbers] (List current rules in memory)
'' -S [chain] (Shows the rules in memory in
their command format)

Other commands using "service"

# service iptables status (List rules currently in memory)

# service iptables save (Saves the current configuration
into /etc/sysconfig/iptables )
</pre>