Define policy for chain rules

EM-1240-LX User’s Manual

Configuring EM-1240-LX

Usage:

#iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP]

-P:	Set the policy for the chain to the given target.
INPUT:	For packets coming into the EM-1240-LX.
OUTPUT:	For locally-generated packets.
FORWARD:	For packets routed out through the EM-1240-LX.
PREROUTING:	To alter packets as soon as they come in.
POSTROUTING:	To alter packets as they are about to be sent out.

Examples:

#iptables –P INPUT DROP #iptables –P OUTPUT ACCEPT #iptables –P FORWARD ACCEPT #iptables –t nat –P PREROUTING ACCEPT #iptables –t nat –P OUTPUT ACCEPT #iptables -t nat –P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or delete rules:

Usage:

#iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] –j [ACCEPT. DROP]

-A:	Append one or more rules to the end of the selected chain.
-I:	Insert one or more rules in the selected chain as the given rule number.
-i:	Name of an interface via which a packet is going to be received.
-o:	Name of an interface via which a packet is going to be sent.
-p:	The protocol of the rule or of the packet to check.
-s:	Source address (network name, host name, network IP address, or plain IP
	address).
--sport:	Source port number.
-d:	Destination address.
--dport:	Destination port number.
-j:	Jump target. Specifies the target of the rules; i.e., how to handle matched packets.
Examples:	For example, ACCEPT the packet, DROP the packet, or LOG the packet.
Examples:

Example 1: Accept all packets from lo interface.

# iptables –A INPUT –i lo –j ACCEPT

Example 2: Accept TCP packets from 192.168.0.1.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.0.1 –j ACCEPT

Example 3: Accept TCP packets from Class C network 192.168.1.0/24.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.1.0/24 –j ACCEPT

Example 4: Drop TCP packets from 192.168.1.25.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.1.25 –j DROP

Example 5: Drop TCP packets addressed for port 21.

# iptables –A INPUT –i eth0 –p tcp --dport 21 –j DROP

Example 6: Accept TCP packets from 192.168.0.24 to the EM-1240-LX’s port 137, 138, 139

# iptables –A INPUT –i eth0 –p tcp –s 192.168.0.24 --dport 137:139 –j ACCEPT

Example 7: Drop all packets from MAC address 01:02:03:04:05:06.

# iptables –A INPUT –i eth0 –p all –m mac ––mac-source 01:02:03:04:05:06 –j DROP

4-6

Moxa Technologies EM-1240-LX user manual Define policy for chain rules

Models: EM-1240-LX