Observe and erase chain rules – Moxa Technologies THINKCORE W341 User Manual
Page 49
ThinkCore W311/321/341 Linux User’s Manual
Managing Communications
4-9
NOTE
The W311/321/341 do NOT support IPV6 and ipchains.
The basic syntax to enable and load an IPTABLES module is as follows:
#lsmod
#insmod ip_tables
#insmod iptable_filter
Use
lsmod
to check if the ip_tables module has already been loaded in the W311/321/341 unit. Use
insmod
to insert and enable the module.
Use the following command to load the modules (iptable_filter, iptable_mangle, iptable_nat):
#insmod iptable_filter
Use
iptables, iptables-restore, iptables-save
to maintain the database.
NOTE
IPTABLES plays the role of packet filtering or NAT. Take care when setting up the IPTABLES
rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied
access. We recommend using the serial console to set up the IPTABLES.
Click on the following links for more information about iptables.
Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have
divided our discussion of the various rules into three categories: Observe and erase chain rules,
Define policy rules, and Append or delete rules.
Observe and erase chain rules
Usage:
# iptables [-t tables] [-L] [-n]
-t tables: Table to manipulate (default: ‘filter’); example: nat or filter.
-L [chain]: List List all rules in selected chains. If no chain is selected, all chains are listed.
-n: Numeric output of addresses and ports.
# iptables [-t tables] [-FXZ]
-F: Flush the selected chain (all the chains in the table if none is listed).
-X: Delete the specified user-defined chain.
-Z: Set the packet and byte counters in all chains to zero.
Examples:
# iptables -L -n
In this example, since we do not use the -t parameter, the system uses the default ‘filter’ table.
Three chains are included: INPUT, OUTPUT, and FORWARD. INPUT chains are accepted
automatically, and all connections are accepted without being filtered.
#iptables –F
#iptables –X
#iptables -Z