Saturday, November 12, 2011

Setting Up a Linux Firewall

iptables is an administration tool for configuring the kernel's packet-filtering rules. The options below specify the desired action to perform. Only one of them can be specified on the command line unless otherwise stated below. For the long versions of the command and option names, you need to type only enough letters to ensure that iptables can differentiate the name from all other options.

-A, --append chain rule-specification
Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.
-D, --delete chain rule-specification
-D, --delete chain rulenum
Delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or as a rule to match.
-I, --insert chain [rulenum] rule-specification
Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified.
-R, --replace chain rulenum rule-specification
Replace a rule in the selected chain. If the source and/or destination names resolve to multiple addresses, the command will fail. Rules are numbered starting at 1.
-L, --list [chain]
List all rules in the selected chain. If no chain is selected, all chains are listed. Like every other iptables command, it applies to the specified table (filter is the default), so NAT rules get listed by
iptables -t nat -n -L
Please note that it is often used with the -n option, in order to avoid long reverse DNS lookups. It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atomically listed and zeroed. The exact output is affected by the other arguments given. The exact rules are suppressed until you use
iptables -L -v
Examples:
To drop ICMP packets arriving from 127.0.0.1 (-A appends the rule to INPUT; -D would instead delete a matching rule):
   iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
To allow incoming TCP traffic to the web server on port 80:
   iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To check our rules (add -n -v to skip DNS lookups and show packet counters):
   iptables -L
To flush all rules from every chain of the filter table:
   iptables -F
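Putting the commands above together, here is an added example (not from the original post) of a small script that builds a stateful INPUT policy with -F, -I, -A and -P and then verifies it with -L -n -v. The `firewall_rules` function, the exposed ports and the rate limits are my own choices; pass `echo` as the iptables command for a dry run.

```shell
#!/bin/sh
# Added example, not from the original post. firewall_rules takes the command
# to run as its first argument: "iptables" applies the rules (needs root),
# "echo" prints them instead, which is a safe dry run on a remote box.
firewall_rules() {
    ipt="${1:-iptables}"

    # Start from a clean INPUT chain (-F flushes all its rules).
    "$ipt" -F INPUT

    # Loopback traffic is always allowed; -I 1 puts it at the head of the chain.
    "$ipt" -I INPUT 1 -i lo -j ACCEPT

    # Packets belonging to connections we already accepted or opened ourselves.
    "$ipt" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Drop packets the connection tracker considers malformed.
    "$ipt" -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Services we expose: SSH and HTTP (the post's --dport 80 example).
    "$ipt" -A INPUT -p tcp --dport 22 -j ACCEPT
    "$ipt" -A INPUT -p tcp --dport 80 -j ACCEPT

    # Keep ping working but rate-limit it instead of dropping all ICMP.
    "$ipt" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT

    # Log (rate-limited) what is about to be dropped so it shows up in syslog.
    "$ipt" -A INPUT -m limit --limit 3/min -j LOG --log-prefix "iptables-drop: "

    # Only now set the default policy: anything not matched above is dropped.
    "$ipt" -P INPUT DROP
}

# Number of ACCEPT rules the policy defines, for a quick sanity check.
count_accept_rules() {
    firewall_rules echo | grep -c -- '-j ACCEPT'
}

# Usage: sh firewall.sh        -> dry run, prints the rules
#        sh firewall.sh apply  -> applies them and lists the result
if [ "${1:-}" = "apply" ]; then
    firewall_rules iptables
    iptables -L INPUT -n -v
else
    firewall_rules echo
fi
```

Run the dry run first and read the printed rules top to bottom: the order is the order iptables evaluates them, so the ESTABLISHED rule must come before the DROP policy takes effect.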
