(1) Start iptables at boot
# sysv-rc-conf --level 2345 iptables on
(2) Basic iptables commands
1. List the current iptables policies and rules
# iptables -L -n
-n: show addresses and ports numerically instead of resolving names
# iptables -L -v
-v: print verbose output
2. Allow established connections to receive data
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3. Open port 22 (the default SSH port): tell iptables to accept all TCP packets whose destination port is 22
# iptables -A INPUT -p tcp -i eth0 --dport ssh -j ACCEPT
Note: "ssh" here stands for 22. Any service name listed in /etc/services can be used the same way.
4. Set a policy. A policy is also a rule: it is applied to a packet when none of the rules in the chain match.
Chains: INPUT, PREROUTING, FORWARD, POSTROUTING, OUTPUT
The default policy of every chain is ACCEPT.
Tables: filter (the default), nat and mangle.
# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD DROP
----------------------------------------------------
root@patrick:~# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:22
----------------------------------------------------
5. Enable packet forwarding
Forward intranet FTP requests to a host on the Internet:
# iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 10.25.1.7:21
View the nat table:
# iptables -L -t nat
For forwarding to actually take place, the kernel parameter must also be enabled:
# cat /proc/sys/net/ipv4/ip_forward
0
Packet forwarding is disabled by default, so it has to be switched on: edit /etc/sysctl.conf (set net.ipv4.ip_forward = 1) and run sysctl -p.
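The sysctl step above is easy to get wrong when /etc/sysctl.conf already carries a commented-out copy of the key. The following POSIX sh helpers are an added example and are not part of the original article: they set or replace the key in a sysctl.conf-style file without leaving duplicates behind, and check what the running kernel currently reports. The key name net.ipv4.ip_forward is the sysctl behind /proc/sys/net/ipv4/ip_forward; the file paths are parameters so the functions can be exercised on a scratch copy before touching the real files.

```shell
#!/bin/sh
# Added example (not from the original article): persist the forwarding
# switch in a sysctl.conf-style file idempotently and check the live value.

# set_sysctl_key FILE KEY VALUE
# Rewrites an existing "KEY = VALUE" line (even one commented out with '#')
# in place, or appends one if the key is absent. Output goes through a temp
# file so a failed sed can never truncate FILE.
set_sysctl_key() {
    file=$1 key=$2 value=$3
    if grep -Eq "^[# ]*${key}[[:space:]]*=" "$file"; then
        sed -E "s|^[# ]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sysctl_key FILE KEY
# Prints the value of the last uncommented assignment of KEY, or nothing.
get_sysctl_key() {
    sed -nE "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*([^[:space:]]+).*|\1|p" "$1" | tail -n 1
}

# forwarding_enabled [PROCFILE]
# Succeeds only when the kernel reports 1 (the article shows the default 0).
# PROCFILE defaults to the real /proc entry; pass a path to test elsewhere.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Typical use on the real files (requires root):
#   set_sysctl_key /etc/sysctl.conf net.ipv4.ip_forward 1 && sysctl -p
#   forwarding_enabled && echo "kernel forwards" || echo "kernel does not forward"
```

Running the edit against a copy first (cp /etc/sysctl.conf /tmp/sysctl.test, then set_sysctl_key /tmp/sysctl.test ...) shows exactly which line sysctl -p will pick up, which matters because a later duplicate assignment silently wins over an earlier one.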
(3) Saving iptables rules
Step 1) Save the current iptables rules to a file:
# iptables-save > /etc/iptables.up.rules
Step 2) Restore the rules at boot. Add the following line to the end of /etc/network/interfaces:
pre-up iptables-restore < /etc/iptables.up.rules
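The file that iptables-save writes and iptables-restore reads has a simple text format, so the rule set from items 2 to 5 can be written out directly and reviewed before it is loaded at boot. The script below is an added example, not code from the original article: build_ruleset prints the article's default-deny filter policy together with the DNAT rule from item 5 in iptables-restore format, and lint_ruleset performs the two checks a reviewer would want before putting the file behind pre-up: every table block ends in COMMIT, and the filter INPUT policy really is DROP. The SSH port and the DNAT target are parameters; the defaults (22 and 10.25.1.7:21) are the article's values, and the loopback rule is an addition that a default-deny INPUT chain needs so local services keep working.

```shell
#!/bin/sh
# Added example (not from the original article): emit the tutorial's rules in
# iptables-restore format and sanity-check a ruleset file before booting it.

# build_ruleset [SSH_PORT] [FTP_TARGET]
# Prints a complete iptables-restore file for the filter and nat tables.
# FTP_TARGET is host:port for the DNAT rule (article default 10.25.1.7:21).
build_ruleset() {
    ssh_port=${1:-22}
    ftp_target=${2:-10.25.1.7:21}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback must be accepted explicitly once INPUT defaults to DROP
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (article item 2)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# inbound SSH on the external interface (article item 3)
-A INPUT -p tcp -i eth0 --dport $ssh_port -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# redirect inbound FTP control connections to the internal host (article item 5)
-A PREROUTING -p tcp --dport 21 -j DNAT --to-destination $ftp_target
COMMIT
EOF
}

# lint_ruleset
# Reads a ruleset on stdin. Exits 0 only if every "*table" block is closed by
# COMMIT, no COMMIT appears outside a block, and the filter table declares
# ":INPUT DROP" (the default-deny posture of article item 4).
lint_ruleset() {
    awk '
        /^\*/      { if (open) bad = 1; open = 1; table = substr($0, 2) }
        /^COMMIT$/ { if (!open) bad = 1; open = 0 }
        /^:INPUT DROP/ && table == "filter" { dropped = 1 }
        END { exit (open || bad || !dropped) ? 1 : 0 }
    '
}

# Typical use (requires root for the second and third lines):
#   build_ruleset > /etc/iptables.up.rules
#   lint_ruleset < /etc/iptables.up.rules && iptables-restore < /etc/iptables.up.rules
#   iptables -L -n
```

Writing the file from a script rather than dumping whatever happens to be loaded with iptables-save is what makes the ruleset reviewable: the text in version control is the intended policy, and the lint step catches the classic mistake of a table left without COMMIT, which iptables-restore rejects at boot, leaving the host with whatever policy was loaded before pre-up ran.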
(4) Disable the firewall
# iptables -F
Ubuntu has no "service iptables stop" command for stopping iptables; flushing the rules like this is the only way to disable the firewall.
Before running it, make sure the rules are backed up to a file. Note also that -F only removes the rules: the chain policies set in item 4 stay in force, so with an INPUT policy of DROP, flushing alone accepts nothing and cuts off remote sessions such as SSH. Reset the chain policies to ACCEPT with iptables -P before flushing.