Open main menu

CDOT Wiki β

Changes

OPS235 Lab 6 - Fedora17

114 bytes added, 19:48, 13 March 2011
Investigation 8: How do I view and configure the IPTABLES firewall? -- Basic Function/Configuration
#* <code>iptables -L</code>
# You should see something similar to this:<br /><br />Chain INPUT (policy ACCEPT)<br /><br />target prot opt source destination<br /><br />Chain FORWARD (policy ACCEPT)<br /><br />target prot opt source destination<br /><br />Chain OUTPUT (policy ACCEPT)<br /><br />target prot opt source destination<br /><br />
{{Admon/note | Chain Policies | Each chain has a default policy. In my example here the default policy is ACCEPT. This means that if data packets are checked and there is no rule that matches that packet in the chain the data will be allowed to pass to it's destination. Conversely, if the policy is set to DROP then the packet will be dropped if there is no match. See the MAN page for <code>iptables</code> for detailed information on switches and options.}}
# Set the default policy for the INPUT chain to DROP:
#* <code>iptables -P INPUT DROP</code>
# Write the commands you executed in your lab book.
# Can we mix these policies? Try to set the FORWARD chain policy to ACCEPT. Did it work?
{{Admon/note | Chain Policies | Each chain has a default policy. In my example here the default policy is ACCEPT. This means that if data packets are checked and there is no rule that matches that packet in the chain the data will be allowed to pass to it's destination. Conversely, if the policy is set to DROP then the packet will be dropped if there is no match. Flushing the table (<code>iptables -F</code>) when an ACCEPT policy is in place will cause all packets to be accepted; flushing the table when an DENY policy is in place will cause all packets to be dropped.}}
==== Testing policies ====