OPS235 Lab 6 - CentOS7 - SSD

746 bytes added, 07:01, 16 June 2016
no edit summary
Usually when building a firewall with iptables, an overall default policy is first set for a chain (the '''<code>-P</code>''' option), and then individual rules are added to that chain which act as exceptions to the default. The default policy is what happens to a packet that matches none of the rules in the chain, so it applies to ALL packets regardless of protocol (tcp, udp, icmp) and communication port number (80, 22, etc.).
'''Example''' (drop every inbound packet that no rule in the INPUT chain accepts):
'''<code>iptables -P INPUT DROP</code>'''
After the overall default policy is set, you can create rules that are "exceptions" to it. The '''<code>-j</code>''' option is used to redirect (jump) a packet to a target (ACCEPT, REJECT, DROP, LOG) if the packet matches that rule. Note that LOG is a non-terminating target: the packet is logged and then continues to the next rule (and ultimately to the default policy if nothing else matches). The option '''<code>-A</code>''' is used to append a rule to the <u>bottom</u> of the chain. The option '''<code>-I</code>''' is used to insert a rule before an existing rule number (if used with no number, the rule is inserted at the <u>top</u> of the chain). Rule order matters: a chain is evaluated top to bottom and the first matching rule with a terminating target decides the packet's fate, so a rule inserted with '''<code>-I</code>''' can shadow rules below it. Use '''<code>iptables -L INPUT -n -v --line-numbers</code>''' to see the current rule numbers before inserting at a specific position.
+++ Show iptables command to create policy exceptions +++
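The following script is an added example and is not part of the original lab page. It builds a default-deny INPUT chain and then layers exceptions on top of it using '''<code>-A</code>''', '''<code>-I</code>''' (with and without a rule number) and the '''<code>-j</code>''' targets discussed above. Because changing firewall rules requires root, the script only prints the commands it would run (a dry run) unless the environment variable <code>APPLY=1</code> is set; the <code>APPLY</code> variable, the function names and the blocked address <code>192.0.2.10</code> (a documentation-only address) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the lab page): default-deny INPUT chain with
# explicit exceptions. Dry run by default; set APPLY=1 and run as root to
# actually change the firewall. APPLY and IPT are names chosen for this script.

IPT="${IPT:-iptables}"

# run_ipt: execute an iptables command when APPLY=1, otherwise print it.
run_ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    else
        echo "$IPT $*"
    fi
}

# build_input_policy: one overall default policy, then the exceptions.
build_input_policy() {
    # 1. Start from an empty INPUT chain and set the default policy to DROP.
    #    Anything not accepted by a rule below is silently discarded.
    run_ipt -F INPUT
    run_ipt -P INPUT DROP

    # 2. Exceptions appended (-A) to the bottom of the chain, in the order
    #    they will be evaluated: loopback, replies to our own connections,
    #    then the services we actually offer (ssh on 22, http on 80).
    run_ipt -A INPUT -i lo -j ACCEPT
    run_ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run_ipt -A INPUT -p tcp --dport 22 -j ACCEPT
    run_ipt -A INPUT -p tcp --dport 80 -j ACCEPT

    # 3. LOG is non-terminating: the packet is logged and then falls through
    #    to the default policy (DROP), so this records what we refuse.
    run_ipt -A INPUT -j LOG --log-prefix "INPUT-DROP: "

    # 4. -I with no number inserts at the TOP. The chain is matched top to
    #    bottom and the first terminating match wins, so a block rule for a
    #    hostile host must sit above the ACCEPT rules to take effect.
    run_ipt -I INPUT -s 192.0.2.10 -j REJECT

    # 5. -I with a number inserts BEFORE that rule number. After step 4 the
    #    chain is: 1 REJECT, 2 lo, 3 conntrack, 4 ssh, 5 http, 6 LOG.
    #    Inserting at 3 places the icmp rule after loopback, ahead of the rest.
    run_ipt -I INPUT 3 -p icmp -j ACCEPT
}

# show_input: list the chain with rule numbers, which is what you should
# check before using -I with a position (numbers shift as rules are added).
show_input() {
    run_ipt -L INPUT -n -v --line-numbers
}

build_input_policy
show_input
```

In dry-run mode the script prints nine iptables commands followed by the listing command; rerunning it with <code>APPLY=1</code> as root applies them. Setting the policy to DROP before the ESTABLISHED,RELATED and ssh rules are in place will cut off an existing SSH session on a remote machine, so on a real server either apply the rules from the console or add the ACCEPT rules before switching the policy.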