Packet Filtering using ipchains
target is one of the following:
    ACCEPT
    DENY
    the name of another chain
interface is:
    eth0 (the Ethernet interface is the only option on the PortServer CM)
Lists do not need to be associated with an interface, so this option may be omitted.
To save changes made using the ipchains command, execute fwset. This command will save the filter
configuration in the file /etc/network/firewall and then save the file in flash memory.
To discard changes that have not yet been saved with fwset, execute fwset restore to return to the lists
previously saved in /etc/network/firewall. Only the lists previously saved using fwset will then be defined.
This command is also executed at boot to invoke the last configuration saved.
Another option is to edit the file /etc/network/firewall (or another file) directly, following the syntax defined
in the file itself. If the file is edited in this way, the command fwset cannot be used to save and restore the
configuration.
Use:
    ipchains-save > file_name
to save the lists in file_name
    updatefiles file_name
to save file_name to flash memory
    ipchains-restore < file_name
to restore the lists to the configuration in file_name
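A saved rule file can be checked offline before updatefiles commits it to flash. The script below is an added example, not part of the manual: it walks the input chain the way ipchains does (first matching rule wins, otherwise the chain policy) and assumes the line format shown in its comments. Port 7001 and the address 200.200.200.9 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the manual. Assumed ipchains-save line format:
#   ":chain POLICY" and "-A chain -s addr/mask -d addr/mask [ports] -p proto -j TARGET"

# verdict FILE SRC_IP DPORT: print what the input chain does with a TCP packet
# (first matching rule wins, else the chain policy). Rules using "!" are not
# evaluated; a target that names another chain is printed, not followed.
verdict() {
    awk -v src="$2" -v dport="$3" '
    function in_ports(spec,   r, n) {       # "" = any port, "23" or "7001:7008"
        if (spec == "") return 1
        n = split(spec, r, ":")
        if (n == 1) r[2] = r[1]
        return (dport + 0 >= r[1] + 0 && dport + 0 <= r[2] + 0)
    }
    function src_ok(spec) {                 # any-source or a single host only
        if (spec == "" || spec == "0.0.0.0/0.0.0.0") return 1
        return (spec == src || spec == (src "/255.255.255.255"))
    }
    $1 == ":input" { policy = $2; next }
    $1 == "-A" && $2 == "input" && !done {
        s = ""; dp = ""; proto = ""; target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") neg = 1
            if ($i == "-s") s = $(i + 1)
            if ($i == "-d" && $(i + 2) !~ /^-/) dp = $(i + 2)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (neg) { print "UNSUPPORTED"; done = 1; next }
        if (proto != "" && proto != "6" && proto != "tcp") next
        if (src_ok(s) && in_ports(dp)) { print target; done = 1 }
    }
    END { if (!done) print policy }
    ' "$1"
}

# Constructed sample; port 7001 is a placeholder for a console port.
sample_rules() {
    cat <<'EOF'
:input ACCEPT
-A input -s 200.200.200.4/255.255.255.255 -d 0.0.0.0/0.0.0.0 7001:7001 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 7001:7001 -p 6 -j DENY
EOF
}

f=$(mktemp) && sample_rules > "$f"
for ip in 200.200.200.4 200.200.200.9; do echo "$ip -> $(verdict "$f" "$ip" 7001)"; done
rm -f "$f"
```

With an ACCEPT policy on the input chain, any port not covered by an explicit DENY rule stays reachable from every source, which the evaluator reports when asked about such a port.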
An example of the use of ipchains for a console access server
If the administrator wishes to restrict access to the consoles connected to the PortServer CM to a user on the
workstation with IP address 200.200.200.4, a filter can be set up as shown below.