Chapter 13. Firewalls and iptables
13.3.2. Structure
Many iptables commands have the following structure:

    iptables [-t <table-name>] <command> <chain-name> <parameter-1> \
        <option-1> <parameter-n> <option-n>
In this example, the <table-name> option allows the user to select a table other than the default filter table to use with the command. The <command> option is the center of the command, dictating a specific action to perform, such as appending or deleting a rule from a particular chain, which is specified by the <chain-name> option. Following the <chain-name> are pairs of parameters and options that actually define the way the rule will work and what will happen when a packet matches the rule.
When looking at the structure of an iptables command, it is important to remember that, unlike most other commands, the length and complexity of an iptables command can change based on its purpose. A simple command to remove a rule from a chain can be very short, while a command designed to filter packets from a particular subnet using a variety of specific parameters and options can be rather lengthy. When creating iptables commands, it is helpful to recognize that some parameters and options may create the need for other parameters and options to further specify the previous option's request. In order to construct a valid rule, this must continue until every parameter and option that requires another set of options is satisfied.
Type iptables -h to see a comprehensive list of iptables command structures.
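The structure above can be checked mechanically. The following shell function, added here as an illustration and not taken from the iptables project or from this guide, splits an iptables command string into the parts the section names (optional table, exactly one command, the chain it acts on, and the trailing parameter/option pairs) and rejects strings that violate the one-command-per-string rule. The function and variable names are this example's own, and it never talks to the kernel; it only inspects the words it is given.

```shell
#!/bin/sh
# Added example (not from the iptables project): split an iptables command
# string into the parts named in the structure above -- optional table,
# exactly one command, the chain it acts on, and the trailing parameters and
# options -- and reject strings that break the "one command per string" rule.
# Nothing here talks to the kernel; it only inspects the words it is given.

# Command flags from the list in this chapter plus the remaining ones iptables
# accepts (-L, -N, -P, -R, -X, -Z); -h is the only lower-case command.
COMMAND_FLAGS="-A -C -D -E -F -I -L -N -P -R -X -Z -h"

is_command_flag() {
    case " $COMMAND_FLAGS " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# parse_iptables [iptables] [-t TABLE] COMMAND [CHAIN] [PARAMETER OPTION]...
# Prints "table=... command=... chain=... rule=..." on stdout and returns 1
# if the string is malformed.
parse_iptables() {
    [ "$1" = "iptables" ] && shift              # tolerate the program name
    local table=filter command= chain= rule= ncmd=0

    if [ "$1" = "-t" ]; then                    # table other than the default
        [ -n "$2" ] || { echo "parse_iptables: -t needs a table name" >&2; return 1; }
        table=$2; shift 2
    fi

    while [ $# -gt 0 ]; do
        if is_command_flag "$1"; then
            ncmd=$((ncmd + 1)); command=$1; shift
            # A chain name follows the command unless the next word is an option
            if [ $# -gt 0 ] && [ "${1#-}" = "$1" ]; then
                chain=$1; shift
            fi
        else
            rule="${rule:+$rule }$1"; shift      # parameter/option pairs
        fi
    done

    if [ "$ncmd" -ne 1 ]; then
        echo "parse_iptables: expected exactly one command, found $ncmd" >&2
        return 1
    fi
    case $command in                             # these commands need a chain
        -A|-C|-D|-E|-I|-N|-P|-R)
            [ -n "$chain" ] || { echo "parse_iptables: $command needs a chain name" >&2; return 1; } ;;
    esac
    echo "table=$table command=$command chain=$chain rule=$rule"
}

# Constructed command strings for demonstration
parse_iptables iptables -A INPUT -p tcp --dport 22 -j ACCEPT
parse_iptables iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
parse_iptables iptables -D INPUT 5
parse_iptables iptables -F
parse_iptables iptables -A INPUT -F || echo "rejected as expected: two commands in one string"
```

The parser treats the word right after the command as the chain name only when it does not begin with a hyphen, so "-F" on its own (flush every chain) and "-D INPUT 5" (delete by rule number) both come out the way the text describes them.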
13.3.3. Commands
Commands tell iptables to perform a specific action. Only one command is allowed per iptables command string. With the exception of the help command, all commands are written in upper case characters.

The iptables commands are as follows:
-A
    Appends the iptables rule to the end of the specified chain. This is the command used to simply add a rule when rule order in the chain does not matter.

-C
    Checks a particular rule before adding it to the user-specified chain. This command can help you construct complicated iptables rules by prompting you for additional parameters and options.

-D
    Deletes a rule in a particular chain by number (such as 5 for the fifth rule in a chain). You can also type the entire rule, and iptables will delete the rule in the chain that matches it.

-E
    Renames a user-defined chain. This does not affect the structure of the table. Rather, it just saves you the trouble of deleting the chain, creating it under the new name, and reconfiguring all of your rules for that chain.

-F
    Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain.

-h
    Provides a list of helpful command structures, as well as a quick summary of command parameters and options.

-I
    Inserts a rule in a chain at a particular point. Assign a number to the rule to be inserted and iptables will put it there. If no number is specified, iptables will place your command at the top of the rule list.
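Because rules are evaluated in order, the difference between -A, -I, -D and -F is really a difference in what happens to rule numbering. The script below is an added example, not code from iptables or from this guide: it models one chain as a list of rule strings (one per line in $RULES, so line N is rule number N as shown by iptables -L --line-numbers) and applies the command semantics described above, so the effect on rule order can be followed without a live firewall. The function names and the constructed rules are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the iptables project): a model of a single chain,
# kept as one rule per line in $RULES, that applies the -A, -I, -D, -F and -E
# semantics described above so the effect on rule order can be seen without
# touching a live firewall. Line N of $RULES is rule number N, matching the
# numbering shown by "iptables -L --line-numbers".

CHAIN_NAME=INPUT
RULES=""
NL='
'

is_number() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# chain_cmd COMMAND ARGS... : apply one iptables command to the model chain
chain_cmd() {
    cmd=$1; shift
    case $cmd in
        -A) # append: the new rule becomes the last one evaluated
            RULES="${RULES:+$RULES$NL}$*" ;;
        -I) # insert: at rule number N if one is given, otherwise at the top (rule 1)
            pos=1
            if is_number "$1"; then pos=$1; shift; fi
            if [ -z "$RULES" ]; then
                RULES=$*
            else
                RULES=$(printf '%s\n' "$RULES" |
                    awk -v pos="$pos" -v rule="$*" \
                        'NR == pos { print rule } { print } END { if (pos > NR) print rule }')
            fi ;;
        -D) # delete: by rule number, or by the first rule whose text matches
            if [ $# -eq 1 ] && is_number "$1"; then
                RULES=$(printf '%s\n' "$RULES" | sed "${1}d")
            else
                RULES=$(printf '%s\n' "$RULES" |
                    awk -v rule="$*" '!removed && $0 == rule { removed = 1; next } { print }')
            fi ;;
        -F) # flush: every rule in the chain is removed
            RULES="" ;;
        -E) # rename: the chain name changes, the rules do not
            CHAIN_NAME=$1 ;;
        *)  echo "chain_cmd: unsupported command $cmd" >&2; return 1 ;;
    esac
}

# rule_count : number of rules in the chain; rule_at N : text of rule number N
rule_count() { if [ -z "$RULES" ]; then echo 0; else printf '%s\n' "$RULES" | grep -c ''; fi; }
rule_at()    { printf '%s\n' "$RULES" | sed -n "${1}p"; }

# list_chain : print the chain roughly as "iptables -L --line-numbers" would
list_chain() {
    echo "Chain $CHAIN_NAME"
    if [ -n "$RULES" ]; then
        printf '%s\n' "$RULES" | awk '{ printf "%d %s\n", NR, $0 }'
    fi
}

# Constructed walk-through of the semantics described above
chain_cmd -A -p tcp --dport 22 -j ACCEPT   # rule 1
chain_cmd -A -p tcp --dport 80 -j ACCEPT   # rule 2
chain_cmd -I -i lo -j ACCEPT               # no number: goes to the top, becomes rule 1
chain_cmd -I 3 -p icmp -j ACCEPT           # explicit number: becomes rule 3
chain_cmd -D 2                             # delete by number (the port 22 rule)
chain_cmd -D -p tcp --dport 80 -j ACCEPT   # delete by matching the rule text
list_chain                                 # two rules remain: lo first, then icmp
```

Running the walk-through shows why the text says -A is for cases where order does not matter: a rule appended after a broader one is never reached for packets the earlier rule already matched, whereas -I without a number puts the new rule ahead of everything else.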