Installation Manual |
The output chain controls which packets are sent. A packet can be accepted by the input chain, but then rejected by the output chain. Likewise, the forward chain controls which packets will be routed. The input chain controls incoming packet filtering. The packet is either destined for the router or for another computer. In the latter case, the packet is processed by the forward chain. Packets that pass through the forward chain will then be pro- cessed by the output chain.
source and destination have the following format: [!]address[/mask] [!][port[:port]]
!: reverses the definition, resulting in the opposite effect. address : host or network IP
port : defines a specific port
port:port : defines a range of ports
If a source or destination is not specified then 0.0.0.0/0 is used.
protocol is one of the following:
tcp, udp, icmp, all or a protocol number (see the file /etc/protocols for a list).
target is one of the following:
ACCEPT DENY
the name of another chain
interface is:
one of the server interfaces. Lists do not need to be associated to an interface, so this option may be omitted.
To save changes made using the ipchains command, execute fwset. This command will save the filter configu- ration in the file /etc/network/firewall.
To delete the changes made (before fwset is executed) execute fwset restore to return to the lists previously saved in /etc/network/firewall. Only the lists previously saved using fwset will then be defined. This command is
Appendix A - Linux | 42 |