Configuring |
Define policy for chain rules
Usage:
#iptables
Set the policy for the chain to the given target. | |
INPUT: | For packets coming into the |
OUTPUT: | For |
FORWARD: | For packets routed out through the |
PREROUTING: | To alter packets as soon as they come in. |
POSTROUTING: | To alter packets as they are about to be sent out. |
Examples:
#iptables
In this example, the policy accepts outgoing packets and denies incoming packets.
Append or delete rules:
Usage:
#iptables
Append one or more rules to the end of the selected chain. | |
Insert one or more rules in the selected chain as the given rule number. | |
Name of an interface via which a packet is going to be received. | |
Name of an interface via which a packet is going to be sent. | |
The protocol of the rule or of the packet to check. | |
Source address (network name, host name, network IP address, or plain IP | |
| address). |
Source port number. | |
Destination address. | |
Destination port number. | |
Jump target. Specifies the target of the rules; i.e., how to handle matched packets. | |
Examples: | For example, ACCEPT the packet, DROP the packet, or LOG the packet. |
|
Example 1: Accept all packets from lo interface.
# iptables
Example 2: Accept TCP packets from 192.168.0.1.
# iptables
Example 3: Accept TCP packets from Class C network 192.168.1.0/24.
# iptables
Example 4: Drop TCP packets from 192.168.1.25.
# iptables
Example 5: Drop TCP packets addressed for port 21.
# iptables
Example 6: Accept TCP packets from 192.168.0.24 to the
# iptables
Example 7: Drop all packets from MAC address 01:02:03:04:05:06.
# iptables