This article explains how to add iptables firewall rules using the “iptables -A” (append) command.

If it is easier for you to remember “-A” as add-rule (instead of append-rule), that is OK. But keep in mind that “-A” adds the rule at the end of the chain.

Again, it is very important to remember that -A adds the rule at the end. Typically the last rule will be to drop all packets. If you already have a rule to drop all packets and you use “-A” from the command line to create a new rule, you will end up adding the new rule after the current “drop all packets” rule, which will make your new rule pretty much useless.

Once you’ve mastered iptables and are implementing it in production, you should use a shell script in which you use the -A command to add all the rules. In that shell script, your last line should always be the “drop all packets” rule. When you want to add any new rules, modify that shell script and add your new rules above the “drop all packets” rule.

-A chain – Specify the chain where the rule should be appended. For example, use the INPUT chain for incoming packets, and OUTPUT for outgoing packets.

firewall-rule – Various parameters make up the firewall rule.

If you don’t know what a chain is, you had better read about iptables fundamentals first.

The following parameters are available for all kinds of firewall rules.

When you don’t specify -p, by default “all” protocols will be used. It is not a good practice to use “all”; always specify a protocol. Use either the name (for example: tcp) or the number (for example: 6 for tcp) for the protocol. The /etc/protocols file contains all allowed protocol names and numbers.

This can be an IP address, a network address, or a hostname.
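As an added example (not code from the original article), the shell function below audits a rule listing for the two mistakes described above: a rule appended after a chain's “drop all packets” rule, and a rule that does not name a specific protocol. The sample rules, the function names and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rule listings for two mistakes the article warns about.

# Constructed sample in "iptables -S" style; the address is a documentation range.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.0.2.10 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
EOF
}

# Reads rules on stdin and prints one finding per line (labels are hypothetical):
#   SHADOWED    rule appended after the chain's "drop all packets" rule
#   NO_PROTOCOL rule with no -p, or -p all (the drop-all rule itself is exempt)
audit_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        if (closed[chain]) {          # a drop-all rule already ended this chain
            print "SHADOWED " $0
            next
        }
        if (NF == 4 && $3 == "-j" && $4 == "DROP") {   # no match criteria at all
            closed[chain] = 1
            next
        }
        has_proto = 0
        for (i = 3; i < NF; i++)
            if (($i == "-p" || $i == "--protocol") && $(i + 1) != "all")
                has_proto = 1
        if (!has_proto) print "NO_PROTOCOL " $0
    }'
}

sample_rules | audit_rules
```

On a live host the same function can read the loaded ruleset with `iptables -S | audit_rules`.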