13,420
edits
Changes
no edit summary
Since Linux servers may be connected to the Internet, it is very important to run a firewall to control what comes into the computer system, what goes out of the computer system, and what may be forwarded to another computer. A utility called '''iptables''' can be used to set the firewall rules on a Linux server.
Basically, there is a list ('''chain''') of policy rules that packets must pass-through in order to handle packets. If a packet matches a rule, then an action is taken (some examples include: '''ACCEPT''', '''DROP''', '''REJECT''', or '''LOG'''). If the packet passes through the chain of rules without a match, then the packet is directed to the default policy chain (for example: ''ACCEPT'' , ''REJECT'', or ''REJECTDROP'').
You can create your own customized chains (which you will learn in OPS335 course) but to keep thing simple, we only deal with 3 common predefined chains:
==== Setting Default Policy and Policy Exceptions with iptables ====
Usually when setting policy rules with iptables, a general "overall" policy is set (default policy chain), and then set policy rules in other chains which act as exceptions to the default policy. Usually, a general policy would apply to ALL types of packets (tcp, udp, icmp) and all communication port numbers (80, 22, etc).
+++ Show iptables command to create policy exceptions +++