CDOT Wiki β

OPS235 Lab 6 - CentOS7

146 bytes added, 19:52, 4 May 2015
<li>Using the commands we already know, change the default policies on all of your chains to ACCEPT.</li>
<li>Open a browser and confirm that you can access the world wide web.</li>
<li>Enter the command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables -I OUTPUT -p tcp -s 0/0 -d 0/0 --dport 80 -j DROP</span></code></b></li>
<li>Try to access the Web. If you have done everything right, you should not have been successful.</li>
<li>After you have completed the test, execute the following command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables -F</span></code></b><br></li>
<li>Using the information you have learned, try on your own to achieve the same goal as above (block www access to your computer) by using the INPUT chain instead of the OUTPUT chain.</li>
<li>After you have completed this task, flush the iptables again.</li>
=== Making iptables Policies Persistent ===
It should be noted that none of the commands we run here with iptables will be persistent unless you save your configuration. That means that if you reboot, the default iptables configuration will be loaded. When your iptables service starts, or at boot time, it loads its rules from the file '''<code>/etc/sysconfig/iptables</code>'''.
The final section below teaches you to make your iptables settings permanent.
# Make a backup of the file '''<code>/etc/sysconfig/iptables</code>'''
# Examine the file to see how rules are added.
# Issue the command: <b><code><span style="color:#3366CC;font-size:1.2em;">iptables-save > /etc/sysconfig/iptables</span></code></b> to save the rules you added with the iptables command, above.
# Verify that the file '''<code>/etc/sysconfig/iptables</code>''' was updated with your new rules.
# Restart your iptables service and test your configuration.
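
The verification step above can also be scripted. The following bash helpers are an added example, not part of the original lab: they read a file in iptables-save format and report the saved policy and rules for a chain, and whether the file is complete. The function names and the sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: read a file in iptables-save format; the live firewall is not touched.

# chain_policy FILE CHAIN [TABLE]: print the default policy saved for CHAIN
chain_policy() {
    awk -v chain="$2" -v table="${3:-filter}" '
        /^\*/ { cur = substr($0, 2) }                     # "*filter" opens a table
        cur == table && $1 == (":" chain) { print $2 }    # ":OUTPUT ACCEPT [0:0]"
    ' "$1"
}

# chain_rules FILE CHAIN [TABLE]: print the saved "-A CHAIN ..." rules in order
chain_rules() {
    awk -v chain="$2" -v table="${3:-filter}" '
        /^\*/ { cur = substr($0, 2) }
        cur == table && $1 == "-A" && $2 == chain { print }
    ' "$1"
}

# is_complete FILE: succeed only if every table section ends with COMMIT
# (a missing COMMIT usually means the file was truncated while being written)
is_complete() {
    awk '/^\*/ { t++ } /^COMMIT$/ { c++ } END { exit !(t > 0 && t == c) }' "$1"
}

# drops_tcp_dport FILE CHAIN PORT: succeed if CHAIN drops TCP traffic to PORT
drops_tcp_dport() {
    chain_rules "$1" "$2" | grep -Eq -- "-p tcp .*--dport $3 -j DROP\$"
}

# Constructed sample in iptables-save format (not captured from a real system)
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -j DROP
COMMIT
EOF

echo "OUTPUT policy: $(chain_policy "$sample" OUTPUT)"
chain_rules "$sample" OUTPUT
is_complete "$sample" && echo "file is complete"
drops_tcp_dport "$sample" OUTPUT 80 && echo "port 80 is dropped on OUTPUT"
```

To check your own saved rules, call the same functions with <code>/etc/sysconfig/iptables</code> (or your backup copy) as the file argument.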