iptables is the standard Linux firewall. Where no hardware firewall is available, iptables is also a simple and economical solution. This example shows how to use iptables to restrict which clients may reach the FTP and SSH ports.
Commands to enable and disable iptables, and to save and reload its configuration:
service iptables start
service iptables stop
service iptables save
service iptables reload
service iptables status
chkconfig --list iptables
Note: a firewall change can cut off remote access to the server at any moment. During the debugging phase, therefore, set up a crontab task that stops the firewall at regular intervals, so that if the network is cut off, access is restored after a short while.
View the current firewall settings:
iptables -L INPUT -n --line-numbers
You can also view them with plain iptables -L. In this example, to delete a rule, for instance the one listed on line 4:
iptables -D INPUT 4
Set the default policy of each chain to DROP (the default is ACCEPT):
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
Note that the saved configuration below keeps OUTPUT at ACCEPT: with OUTPUT set to DROP, the server's own replies to SSH and FTP clients would be dropped as well unless matching OUTPUT rules were added.
In essence, these rules are stored in the corresponding configuration file, /etc/sysconfig/iptables:
[root@log1 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Nov 21 09:36:20 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.9.0/24 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.9.0/24 -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
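As an added example (not part of the original article), the following Python walks a ruleset in the iptables-save format shown above the way the kernel walks the INPUT chain: the first matching rule decides, and anything unmatched falls through to the chain policy. The ruleset text is a constructed copy of the file above with the COMMIT line appended, the packet dictionaries and function names are this example's own, and only the match options the page uses are understood.

```python
import ipaddress
# Constructed copy of the /etc/sysconfig/iptables content shown above, plus the
# COMMIT line that iptables-save always writes at the end of a table.
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.9.0/24 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.9.0/24 -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_ruleset(text):
    """Return ({chain: policy}, {chain: [rules]}); understands only -s, -p, --dport, --state, -j."""
    policies, rules = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain], rules[chain] = policy, []
        elif line.startswith("-A "):  # "-A CHAIN <matches> -j TARGET"
            tok, rule = line.split(), {}
            for i, t in enumerate(tok[:-1]):
                if t == "-s": rule["src"] = ipaddress.ip_network(tok[i + 1])
                elif t == "-p": rule["proto"] = tok[i + 1]
                elif t == "--dport": rule["dport"] = int(tok[i + 1])
                elif t == "--state": rule["states"] = set(tok[i + 1].split(","))
                elif t == "-j": rule["target"] = tok[i + 1]
            rules.setdefault(tok[1], []).append(rule)
    return policies, rules

def matches(rule, pkt):
    """Every match option present in the rule must agree with the packet."""
    return (("src" not in rule or ipaddress.ip_address(pkt["src"]) in rule["src"])
            and ("proto" not in rule or rule["proto"] == pkt["proto"])
            and ("dport" not in rule or rule["dport"] == pkt["dport"])
            and ("states" not in rule or pkt["state"] in rule["states"]))

def verdict(text, chain, pkt):
    """First matching rule's target wins; anything unmatched gets the chain policy."""
    policies, rules = parse_ruleset(text)
    for rule in rules.get(chain, []):
        if matches(rule, pkt):
            return rule["target"]
    return policies[chain]

def would_lock_out(text, admin_ip):
    """True if admin_ip could not open a NEW SSH session: check this before -P INPUT DROP."""
    return verdict(text, "INPUT", {"src": admin_ip, "proto": "tcp", "dport": 22, "state": "NEW"}) != "ACCEPT"
```

Running would_lock_out against the saved file before switching the INPUT policy to DROP is the quickest guard against the lockout the note above warns about.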