Firewall functions: IPTABLES
iptables -t table –L –v
displays information and statistics counters of a specified table (see paragraph about accounting).
Examples will be shown in the following sections.
FIREWALL WITH FILTER TABLE
The filter table (-t filter) is related to activities of traffic filtering. The filter table is the default
table: it is used when no table is defined by the iptables command. It has 3 default chains:
Is applied to packets received by the router and addressed to the router
Is applied to packets sent by the router, i.e. generated locally
Is applied to packets in transit
In order to allow access to Telnet service of the router the command is:
iptables –t filter -I INPUT –p tcp --dport 23 –j ACCEPT
or:
iptables –I INPUT –p tcp --dport 23 –j ACCEPT
In order to allow host with IP 10.0.1.1 to access server with IP 192.168.0.1:
iptables –I FORWARD –s 10.0.1.1 –d 192.168.0.1 –j ACCEPT
In order to deny access to port 80 to the host with IP 10.0.1.2 the command is:
iptables –I FORWARD -p tcp --dport 80 –s 10.0.1.2 –d 192.168.0.1 –j DROP
Rules are analysed in the order according to which they are added. A rule can be inserted at the
head of the list by using the –I option or at the foot (and so considered as last) by using the –A
option. It is possible to insert a rule in a specific position through the option: -I chain num. For
example:
iptables –A FORWARD -p udp --dport 37 –s 10.0.1.2 –d 192.168.0.1 –j DROP
iptables –I FORWARD 2 -p tcp –s 10.0.1.2 –d 192.168.0.1 –j DROP
In order to display the rules within the filter table:
iptables –t filter –L –v
while the command
iptables –L –v --line-numbers
also displays the order number of the rule.
A default action is defined for each chain and it is applied if a packet has not satisfied any of the
rules present. The default action includes accepting the packet and pass to the next table. Using
the –P option it is possible to modify the default action. For example:
iptables -P FORWARD DROP
iptables –P OUTPUT ACCEPT
To Next Page
Loading...
Need help?
General
