Changes

OPS235 Lab 6 - CentOS7

550 bytes removed, 17:47, 4 May 2015
If a packet matches a specified rule, it must “jump” to an existing '''condition'''. Simple conditions include '''ACCEPT''', '''DROP''' and '''LOG''', but there are also more complex conditions that can be applied, and there is even the option to create your own conditions.
When using iptables, the '''Filter''' table is important because it contains the following essential '''chains''':
*'''INPUT:''' Packets are checked against the INPUT chain to see if they are '''allowed into''' the PC
*'''OUTPUT:''' Packets are checked against the OUTPUT chain to see if they are <u>allowed to go outside</u> of the PC
*'''FORWARD:''' When the PC is acting as a router, it does not actually send or receive data; it <u>FORWARDS</u> data from one machine to another
}}
|}
# For the remainder of this section, use your '''c7host''' machine.
# As root on the CentOS host enter the following commands at the prompt:
#* <code>iptables -F</code> (This flushes out or clears all of your rules from the chains)
# Write the commands you executed in your lab book.
# Can we mix these policies? Try to set the FORWARD chain policy to ACCEPT. Did it work?
{{Admon/note | Chain Policies | Each chain has a default policy. In my example here the default policy is ACCEPT. This means that if data packets are checked and no rule in the chain matches a packet, the data will be allowed to pass to its destination. Conversely, if the policy is set to DROP, the packet will be dropped if there is no match. Flushing the table (<code>iptables -F</code>) when an ACCEPT policy is in place will cause all packets to be accepted; flushing the table when a DROP policy is in place will cause all packets to be dropped.}}
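The flush behaviour described in the note above can be checked before running <code>iptables -F</code>. The following is an added example, not part of the original lab: it reads <code>iptables -S</code> style output and reports, per chain, what a flush would leave behind. The function names <code>flush_effect</code> and <code>safe_to_flush</code> and the sample rule set are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: predict the effect of `iptables -F` from `iptables -S` output.
# SAMPLE_RULES is constructed for illustration, not captured from c7host.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# flush_effect (hypothetical helper): read `iptables -S` lines on stdin and
# print one line per built-in chain: "<chain> <policy> <rule-count> <effect>".
# A flush removes the rules but keeps the policy, so the policy alone decides
# what happens to every packet afterwards.
flush_effect() {
    awk '
        $1 == "-P" { policy[$2] = $3; if (!($2 in count)) count[$2] = 0; order[++n] = $2 }
        $1 == "-A" { count[$2]++ }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                effect = (policy[c] == "ACCEPT") ? "all-accepted" : "all-dropped"
                print c, policy[c], count[c], effect
            }
        }'
}

# safe_to_flush (hypothetical helper): succeed only if no chain would drop
# all traffic once its rules are gone.
safe_to_flush() {
    ! flush_effect | grep -q 'all-dropped$'
}

# Stand-alone demo on the constructed sample. On a real host, as root:
#   iptables -S | flush_effect
printf '%s\n' "$SAMPLE_RULES" | flush_effect
```

In the sample, INPUT only lets SSH in because of its rules; with a DROP policy, a flush removes that rule and cuts off a remote session.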
=== Testing policies ===