13,420
edits
Changes
no edit summary
After the overall default policy is set, then you can create policy rules that are "exceptions" to the default policy rules. The <b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.5em;">-j</span></code></b> option is used to redirect (jump) packets to actions (ACCEPT, REJECT, DROP, LOG) if the packet match that policy rule. The option <b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.2em5em;">-p</span></code></b> will indicate the protocol used (eg. tcp, upd, icmp). The options <b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.5em;">--dport</span></code></b> or <b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.5em;">--sport</span></code></b> indicate the "destination communication port" or "source communication port" respectively. The option <b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.5em;">-A</span></code></b> is used to append the policy rule to the <u>bottom</u> of the chain. The option <b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.5em;">-I</span></code></b> is used to insert a policy rule before an existing policy line number (if used with no number, will insert at the <u>top</u> of the chain)
'''Examples:'''