IPTABLES in RHEL6
By default, Red Hat Enterprise Linux 6 ships with a built-in firewall called iptables.
The iptables command is actually the userspace tool used to manage a networking
subsystem within the Linux kernel called netfilter: the kernel does the filtering,
iptables only edits the rules it filters by. Rules live in tables (the default,
and the only one covered here, is the filter table) and each table holds chains.
Syntax: iptables [options] [chain] [match options] -j [target]
Options:
----------------------------------------------------------------------
-A chain Appends a rule to the end of the chain
-D chain Deletes a rule from the chain (give the same rule spec, or its number)
-I chain Inserts a rule at the top of the chain (or at a given position)
-L [chain] Lists the rules in the chain (all chains if omitted)
-p proto Matches the protocol specified (tcp, udp, icmp, ...)
-m match Loads an extension match module (tcp, state, ...) that provides extra options such as --dport
-s address Matches the source address (a single host or a CIDR network)
-d address Matches the destination address
Chains
---------------------------------------------------------------------
INPUT Packets addressed to this system (delivered to a local process)
OUTPUT Packets generated by this system
FORWARD Packets routed through this system to another host (neither end is local)
Target:
---------------------------------------------------------------------
ACCEPT Allows the packets through
DROP Discards the packets silently; the sender only sees a timeout
REJECT Discards the packets and sends an error back (by default an ICMP port-unreachable; the stock Red Hat rules use --reject-with icmp-host-prohibited)
---------------------------------------------------------------------
Rules in a chain are evaluated top to bottom and the first matching rule decides; if none matches, the chain's policy (shown as "policy ACCEPT" or "policy DROP" in the listing) applies. Rule order therefore matters, which is why -A and -I are different things.
If you want to show the current iptables rules, run either of these commands (they are equivalent):
# iptables --list
# iptables -L
Add -n to skip reverse DNS lookups, -v to see packet and byte counters, and --line-numbers to see the position each rule holds in its chain. Both commands show the filter table only; use -t nat for the NAT table.
This is an example of creating an iptables rule.
Allow SSH connections over TCP port 22 from anywhere:
# iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-I puts the rule at the top of INPUT, ahead of any REJECT rule. Because it has no -s, it opens SSH to every source address; the rules are also only in memory until you save them (see below).
Default firewall rules that come with Red Hat (this file is what the iptables service loads at boot, and what "service iptables save" writes to):
# cat /etc/sysconfig/iptables
The stock file already contains an ACCEPT rule for TCP port 22 with no source restriction, followed by a final "-A INPUT -j REJECT --reject-with icmp-host-prohibited".
For example, suppose you need to allow SSH access to your server but you'd
like to restrict the subnet that can connect.
Step 1. Insert an ACCEPT rule that matches only that subnet. iptables masks the host bits for you, so 172.168.1.1/24 and 172.168.1.0/24 are the same rule; writing the network address keeps the saved file readable:
# iptables -I INPUT -s 172.168.1.0/24 -p tcp --dport 22 -j ACCEPT
Step 2. Delete any earlier rule that accepts port 22 from any source (the one in the stock ruleset, and the one inserted in the example above if you ran it) with -D INPUT and the same rule spec. Rules are matched top to bottom, so as long as an unrestricted port-22 ACCEPT rule remains anywhere above the final REJECT, SSH is still open to everyone and the new rule restricts nothing.
Step 3. Save the running rules to /etc/sysconfig/iptables; without this they are lost at the next service restart or reboot. The restart is optional, but it confirms the saved file loads cleanly:
# service iptables save
# service iptables restart
Use -I rather than -A for the new rule: the stock ruleset ends with "-A INPUT -j REJECT --reject-with icmp-host-prohibited", and a rule appended after that line is never reached.
To show the current status of iptables (whether the service is running and which rules are loaded):
# service iptables status
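The procedure above as a script, added here as an example; it is not code from the original post or from Red Hat, and the function names are invented for it. It computes the plan (delete every other port-22 ACCEPT rule, insert the restricted one at the top, save) from the output of "iptables -S INPUT", so the plan can be read and checked before anything is applied as root.

```sh
#!/bin/sh
# Added example (not from the original page or from Red Hat): restrict SSH to
# one subnet on RHEL 6 without the two pitfalls discussed above, i.e. leaving
# an older "accept port 22 from anywhere" rule in place, or appending the new
# rule behind the final REJECT. Function names are invented for this script.

# Zero the host bits of "a.b.c.d/nn" (a bare address is treated as /32).
# iptables does this silently; doing it here keeps the saved file readable
# and rejects a bad prefix length or address early.
cidr_network() {
    case $1 in */*) ;; *) set -- "$1/32" ;; esac
    ip=${1%/*}; bits=${1#*/}
    [ "$bits" -ge 0 ] && [ "$bits" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (4294967295 << (32 - bits)) & 4294967295 )); fi
    n=$(( n & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
                              $(( (n >> 8) & 255 )) $(( n & 255 )) "$bits"
}

# Print, one per line, the commands needed to reach the desired state.
#   $1 = allowed subnet, $2 = current output of "iptables -S INPUT"
# The listing is passed in rather than read here so the plan can be reviewed
# (and tested) without root. RHEL 6 ships iptables 1.4.7, which predates the
# -C (rule exists) check, so existing rules are found by grepping -S output.
ssh_restrict_plan() {
    net=$(cidr_network "$1") || return 1
    want="-A INPUT -s $net -p tcp -m tcp --dport 22 -j ACCEPT"
    # 1. Delete every other rule that accepts port 22 (the stock RHEL 6 ruleset
    #    has one with no -s). An "-A INPUT ..." line from -S is a valid -D spec.
    printf '%s\n' "$2" | grep -F -e '--dport 22 -j ACCEPT' | grep -v -F -x -e "$want" \
        | sed 's/^-A /iptables -D /'
    # 2. Insert ours at the top unless it is already there. -I, not -A: the stock
    #    ruleset ends with "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
    #    and anything appended after that line is never evaluated.
    if ! printf '%s\n' "$2" | grep -q -F -x -e "$want"; then
        echo "iptables -I INPUT -s $net -p tcp -m tcp --dport 22 -j ACCEPT"
    fi
    # 3. Persist to /etc/sysconfig/iptables, or the change is gone after the
    #    next "service iptables restart" or reboot.
    echo "service iptables save"
}

# Apply the plan to the running firewall (needs root). The plan is printed to
# stderr first so the operator sees exactly which rules are touched.
ssh_restrict_apply() {
    plan=$(ssh_restrict_plan "$1" "$(iptables -S INPUT)") || return 1
    printf '%s\n' "$plan" >&2
    printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done
}

# Usage (as root):  ssh_restrict_apply 172.168.1.0/24
```

Run "ssh_restrict_plan 172.168.1.0/24 "$(iptables -S INPUT)"" first to see the plan; if it deletes a rule you did not expect, that rule was letting SSH in from everywhere anyway. Note that the plan never touches the RELATED,ESTABLISHED rule, so an SSH session you are running the script over stays up.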