Define policy for chain rules, Append or delete rules – Moxa Technologies THINKCORE W341 User Manual

Page 50

Advertising
background image

ThinkCore W311/321/341 Linux User’s Manual

Managing Communications

4-10

Define policy for chain rules

Usage:

# iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING]

[ACCEPT, DROP]

-P: Set the policy for the chain to the given target.

INPUT: For packets coming into the W311/321/341.

OUTPUT: For locally-generated packets.

FORWARD: For packets routed out through the W311/321/341.

PREROUTING: To alter packets as soon as they come in.

POSTROUTING: To alter packets as they are about to be sent out.
Examples:

#iptables –P INPUT DROP

#iptables –P OUTPUT ACCEPT

#iptables –P FORWARD ACCEPT

#iptables –t nat –P PREROUTING ACCEPT

#iptables –t nat –P OUTPUT ACCEPT

#iptables -t nat –P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or delete rules:

Usage:

# iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp,

all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] –j [ACCEPT. DROP]

-A: Append one or more rules to the end of the selected chain.

-I: Insert one or more rules in the selected chain as the given rule number.

-i: Name of an interface via which a packet is going to be received.

-o: Name of an interface via which a packet is going to be sent.

-p: The protocol of the rule or of the packet to check.

-s: Source address (network name, host name, network IP address, or plain IP address).

--sport: Source port number.

-d: Destination address.

--dport: Destination port number.

-j:

Jump target. Specifies the target of the rules; i.e., how to handle matched packets. For

example, ACCEPT the packet, DROP the packet, or LOG the packet.

Examples:

Example 1: Accept all packets from lo interface.

# iptables –A INPUT –i lo –j ACCEPT

Example 2: Accept TCP packets from 192.168.0.1.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.0.1 –j ACCEPT

Example 3: Accept TCP packets from Class C network 192.168.1.0/24.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.1.0/24 –j ACCEPT

Example 4: Drop TCP packets from 192.168.1.25.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.1.25 –j DROP

Example 5: Drop TCP packets addressed for port 21.

# iptables –A INPUT –i eth0 –p tcp --dport 21 –j DROP

Example 6: Accept TCP packets from 192.168.0.24 to W341’s port 137, 138, 139

# iptables –A INPUT –i eth0 –p tcp –s 192.168.0.24 --dport 137:139 –j ACCEPT

Advertising
This manual is related to the following products:

THINKCORE W321, THINKCORE W311

Popular Brands
Popular manuals