Packet filtering using ipchains – Cyclades PC400 User Manual

Page 41

Cyclades-PC400

Appendix A - Linux

Installation Manual

Packet Filtering using ipchains

The Linux utility ipchains can be used to filter IP packets entering, leaving and passing through interfaces. An ipchains tutorial is beyond the scope of this manual. For more information on ipchains, see the ipchains man page (by typing man ipchains at the Linux command prompt) or the HOWTO: http://netfilter.filewatcher.org/ipchains/HOWTO.html.

The syntax of the ipchains command is:

ipchains -command chain [-s source] [-d destination] [-p protocol] [-j target] [-i interface]

where command is one of the following:

A - Add a condition or rule to the end of the chain. Note that the order in which conditions appear in a chain can change how they are applied: the first rule added to a chain is processed first, and so on.
D - Delete a condition from the chain. The condition must match the command's arguments exactly to be deleted.
R - Replace a condition in the chain.
I - Insert a condition in a specified location in the chain.
L - List all conditions in the chain.
F - Flush (remove) all conditions in the chain.
N - Create a new chain.
X - Delete a user-created chain.
P - Set the policy applied for default handling.

chain is one of the following:

input - filters incoming packets
output - filters outgoing packets
forward - filters packets which are not created by the server and are not destined to the server

user_created_chain - a previously defined (or in the process of being defined) chain created using the N command described above.
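
A minimal ruleset that puts the commands and chains above together, as an added example that is not part of the Cyclades manual. The interface name eth0, the 192.0.2.x addresses, the chain name mgmt and the helper functions are assumptions; ACCEPT and DENY are standard ipchains targets that this page does not list.

```sh
#!/bin/sh
# Added example, not from the manual. Assumed values: eth0 (external
# interface), 192.0.2.10 (admin host), 192.0.2.0/24 (its network),
# "mgmt" (user-created chain name).

# Dry run by default: commands are printed, not executed.
# Set DRY_RUN=0 and run as root to apply them.
DRY_RUN=${DRY_RUN:-1}

ipc() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "ipchains $*"
    else
        ipchains "$@"
    fi
}

build_ruleset() {
    # Start from a known state: permissive policy, empty input chain.
    ipc -P input ACCEPT
    ipc -F input
    # N creates the user chain (this fails if it already exists).
    ipc -N mgmt
    # Rules are checked in the order they were added, first match wins:
    # the single admin host must come before the DENY for its network.
    ipc -A mgmt -s 192.0.2.10 -p tcp -j ACCEPT
    ipc -A mgmt -s 192.0.2.0/24 -p tcp -j DENY
    # input chain: accept loopback, send TCP arriving on eth0 to mgmt.
    ipc -A input -i lo -j ACCEPT
    ipc -A input -i eth0 -p tcp -j mgmt
    # Packets that fall off the end of mgmt return to input; anything
    # no rule matched gets the policy. Set it last so a remote session
    # is not cut off while the rules are still being loaded.
    ipc -P input DENY
}

add_exception() {
    # A second trusted host must be inserted (I) at position 1.
    # Appended with A it would sit after the /24 DENY and never match.
    ipc -I mgmt 1 -s "$1" -p tcp -j ACCEPT
}

build_ruleset
```
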
