Changes

OPS235 Lab 7 - CentOS7 - HD2

705 bytes added, 17:39, 24 October 2016

no edit summary

</table>

:'''Perform the following steps:'''

# Issue the following Linux command: <code>iptables -P INPUT DROP</code># Issue the iptables command verify the INPUT policy has been set. After the overall default policy is set, then you can create policy rules that are "exceptions" to the default policy rules. These iptables commands are more complex since you need to determine: <ul><li>Where each rules appears in the chain (order can be important)</li><li>Which protocol(s) are affected (eg. tcp, udp, icmp)</li><li>What source or destination IP Addresses are affected?</li><li>What port numbers are affected?</li><li>What action to take if all of the above conditions are met? (eg. ACCEPT, REJECT, DROP, or LOG)</li></ul> The <code>-j</code> option is used to redirect (jump) packets to actions (ACCEPT, REJECT, DROP, LOG) if the packet match that policy rule. The option <code>-p</code> will indicate the protocol used (eg. tcp, upd, icmp). The options <code>--dport</code> or <code>--sport</code> indicate the "destination communication port" or "source communication port" respectively. You can view the file '''/etc/services''' to determine the communication port number for the appropriate network service. The option <code>-A</code> is used to append the policy rule to the bottom of the chain. The option <code>-I</code> is used to insert a policy rule before an existing policy line number (if used with no number, will insert at the top of the chain)

'''Examples:'''

Msaul

Administrators

13,420

edits

Changes

OPS235 Lab 7 - CentOS7 - HD2

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

get involved with CDOT

courses

course projects

links

Tools