Moxa Technologies EM-1240-LX user manual Define policy for chain rules


EM-1240-LX User’s Manual

Configuring EM-1240-LX

Define policy for chain rules

Usage:

#iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING] [ACCEPT, DROP]

-P:

Set the policy for the chain to the given target.

INPUT:

For packets coming into the EM-1240-LX.

OUTPUT:

For locally-generated packets.

FORWARD:

For packets routed out through the EM-1240-LX.

PREROUTING:

To alter packets as soon as they come in.

POSTROUTING:

To alter packets as they are about to be sent out.

Examples:

#iptables -P INPUT DROP
#iptables -P OUTPUT ACCEPT
#iptables -P FORWARD ACCEPT
#iptables -t nat -P PREROUTING ACCEPT
#iptables -t nat -P OUTPUT ACCEPT
#iptables -t nat -P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or delete rules:

Usage:

#iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] -j [ACCEPT, DROP]

-A:

Append one or more rules to the end of the selected chain.

-I:

Insert one or more rules in the selected chain as the given rule number.

-i:

Name of an interface via which a packet is going to be received.

-o:

Name of an interface via which a packet is going to be sent.

-p:

The protocol of the rule or of the packet to check.

-s:

Source address (network name, host name, network IP address, or plain IP address).

--sport:

Source port number.

-d:

Destination address.

--dport:

Destination port number.

-j:

Jump target. Specifies the target of the rules; i.e., how to handle matched packets. For example, ACCEPT the packet, DROP the packet, or LOG the packet.

Examples:

Example 1: Accept all packets from lo interface.

# iptables -A INPUT -i lo -j ACCEPT

Example 2: Accept TCP packets from 192.168.0.1.

# iptables -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3: Accept TCP packets from Class C network 192.168.1.0/24.

# iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop TCP packets from 192.168.1.25.

# iptables -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5: Drop TCP packets addressed for port 21.

# iptables -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets from 192.168.0.24 to the EM-1240-LX’s ports 137, 138, and 139.

# iptables -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

Example 7: Drop all packets from MAC address 01:02:03:04:05:06.

# iptables -A INPUT -i eth0 -p all -m mac --mac-source 01:02:03:04:05:06 -j DROP
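
The examples above are appended with -A, so they are checked in the order they were entered and the first matching ACCEPT or DROP decides the packet; a packet that matches no rule falls through to the chain policy set with -P. The following sketch is an added example (not from the Moxa manual) that models this for the source-address match only, showing that Example 4 has no effect if it is appended after Example 3. The rule-list format, the function names and the test addresses 192.168.1.30 and 10.0.0.5 are constructed for illustration; -i and -p matching is not modelled.

```sh
#!/bin/sh
# Added example: first-match evaluation of an INPUT chain, modelled in sh.
# Rule list format (constructed for this sketch): one "<source> <target>" per line.

POLICY=DROP    # chain policy, as set by: iptables -P INPUT DROP

# Rules in the order Examples 3 and 4 would be appended with -A.
AS_APPENDED="192.168.1.0/24 ACCEPT
192.168.1.25 DROP"

# Same rules with the more specific DROP placed first.
REORDERED="192.168.1.25 DROP
192.168.1.0/24 ACCEPT"

# ip2int A.B.C.D -> prints the address as a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET[/LEN] -> succeeds if ADDR lies inside the network.
in_cidr() {
    net=${2%/*}
    len=${2#*/}
    [ "$len" = "$2" ] && len=32    # plain IP address without a prefix length
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# verdict ADDR RULES -> prints the target of the first matching rule,
# or the chain policy when no rule matches.
verdict() {
    while read -r cidr target; do
        [ -n "$cidr" ] || continue
        if in_cidr "$1" "$cidr"; then echo "$target"; return 0; fi
    done <<EOF
$2
EOF
    echo "$POLICY"
}

echo "appended order,   192.168.1.25: $(verdict 192.168.1.25 "$AS_APPENDED")"
echo "reordered,        192.168.1.25: $(verdict 192.168.1.25 "$REORDERED")"
echo "reordered,        192.168.1.30: $(verdict 192.168.1.30 "$REORDERED")"
echo "no matching rule, 10.0.0.5:     $(verdict 10.0.0.5 "$REORDERED")"
```

On the device, the -I option with a rule number places the specific DROP ahead of the broader ACCEPT.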
