Difference between revisions of "IPTables"
Andrewgrimo (talk | contribs) (Created page with '= IPTables Command Structure and Overview = The intended audience for this document is Andrew Grimo's OPS235 class. It is a guide to IPTables in the context of what OPS235 is c…') |
Andrewgrimo (talk | contribs) |
||
| Line 1: | Line 1: | ||
| − | |||
The intended audience for this document is Andrew Grimo's OPS235 class. It is a guide to IPTables in the context of what OPS235 is currently studying and therefore a variety of its complexities will not be explored here. | The intended audience for this document is Andrew Grimo's OPS235 class. It is a guide to IPTables in the context of what OPS235 is currently studying and therefore a variety of its complexities will not be explored here. | ||
| Line 7: | Line 6: | ||
* an explanation of the rule specifications that we use | * an explanation of the rule specifications that we use | ||
* sample commands that can be seen in the labs to relate to this document | * sample commands that can be seen in the labs to relate to this document | ||
| − | |||
| Line 17: | Line 15: | ||
* The lines that follow are similar as found in the iptables man pages. | * The lines that follow are similar as found in the iptables man pages. | ||
** the items listed with [ ] square brackets are optional in the command | ** the items listed with [ ] square brackets are optional in the command | ||
| − | |||
<pre> #iptables command chain rule-spec([match,] target/jump ) | <pre> #iptables command chain rule-spec([match,] target/jump ) | ||
| Line 41: | Line 38: | ||
# service iptables save (Saves the current configuration | # service iptables save (Saves the current configuration | ||
into /etc/sysconfig/iptables ) | into /etc/sysconfig/iptables ) | ||
| + | </pre> | ||
| + | |||
| + | == Options for Elements in the Structure == | ||
| + | |||
| + | Considering the commands, chains, matches and targets/jumps... there are only a few of those that we will actually use, at least for this course. Matches can get a bit more complex and will be discussed next, but the others will be listed here. | ||
| + | |||
| + | The items that are listed in ( ) round brackets are there for informational purposes as we don't use them in our course for our configurations. | ||
| + | |||
| + | <pre> | ||
| + | |||
</pre> | </pre> | ||
Revision as of 23:03, 27 July 2010
The intended audience for this document is Andrew Grimo's OPS235 class. It is a guide to IPTables in the context of what OPS235 is currently studying and therefore a variety of its complexities will not be explored here.
This is an outline of
- how IPTables command lines are structured and understood
- an explanation of the rule specifications that we use
- sample commands that can be seen in the labs to relate to this document
Command Line Structure
At its core basics, an Iptables command is made up of the following parts.
- The first line below identifies the structure of the commands we would use.
- The lines that follow are similar as found in the iptables man pages.
- the items listed with [ ] square brackets are optional in the command
#iptables command chain rule-spec([match,] target/jump )
------- --------- ----------------------
#iptables -A chain rule-spec (Appends a rule)
'' -D chain rule# (Delete by rule number)
'' -D chain rule-spec (Delete by rule-spec match)
'' -I chain [rule#] rule-spec (Insert by rule-spec)
The rule# is 1 by default
Otherwise it is optional
'' -R chain rule# rule-spec (Replace by rule#)
'' -P chain target (Policy set for chain)
'' -F [chain] (Flush the rules from memory)
'' -L [chain] [--line-numbers] (List current rules in memory)
'' -S [chain] (Shows the rules in memory in
their command format)
Other commands using "service"
# service iptables status (List rules currently in memory)
# service iptables save (Saves the current configuration
into /etc/sysconfig/iptables )
Options for Elements in the Structure
Considering the commands, chains, matches and targets/jumps... there are only a few of those that we will actually use, at least for this course. Matches can get a bit more complex and will be discussed next, but the others will be listed here.
The items that are listed in ( ) round brackets are there for informational purposes as we don't use them in our course for our configurations.
