EM-1220 LX User’s Manual
Configuring the EM-1220-LX
Examples:
# iptables -L -n
In this example, since the -t parameter is not used, the system uses the default 'filter' table.
Three chains are listed: INPUT, OUTPUT, and FORWARD. The policy of each chain is ACCEPT, so all
connections are accepted without being filtered.
# iptables -F
# iptables -X
# iptables -Z
Define policy for chain rules
Usage:
# iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP]
-P:
Set the policy for the chain to the given target.
INPUT:
For packets coming into the EM-1240-LX.
OUTPUT:
For locally-generated packets.
FORWARD:
For packets routed out through the EM-1240-LX.
PREROUTING:
To alter packets as soon as they come in.
POSTROUTING:
To alter packets as they are about to be sent out.
Examples:
# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -t nat -P PREROUTING ACCEPT
# iptables -t nat -P OUTPUT ACCEPT
# iptables -t nat -P POSTROUTING ACCEPT
In this example, the policy accepts outgoing packets and denies incoming packets.
Append or delete rules:
Usage:
# iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all]
[-s IP/network] [--sport ports] [-d IP/network] [--dport ports] -j [ACCEPT, DROP]
-A:
Append one or more rules to the end of the selected chain.
-I:
Insert one or more rules in the selected chain as the given rule number.
-i:
Name of an interface via which a packet is going to be received.
-o:
Name of an interface via which a packet is going to be sent.
-p:
The protocol of the rule or of the packet to check.
-s:
Source address (network name, host name, network IP address, or plain IP address).
--sport:
Source port number.
-d:
Destination address.
--dport:
Destination port number.
-j:
Jump target. Specifies the target of the rules; i.e., how to handle matched packets.
For example, ACCEPT the packet, DROP the packet, or LOG the packet.
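The clear, policy and append commands described above, combined into one script as an added example (this is not code from the Moxa manual). The interface name eth0, the management host 192.168.3.100 and the choice of allowed services are assumptions for illustration; the --log-prefix option of the LOG target is a standard iptables option the excerpt does not cover. Setting IPT=echo prints the commands instead of applying them, so the rule set can be reviewed before it is loaded on the device.

```shell
#!/bin/sh
# Added example, not from the manual: a minimal inbound filter for the device
# built only from the -F/-X/-Z, -P, -A/-I, -i, -p, -s, --dport and -j options.
# IPT defaults to the real iptables binary; IPT=echo gives a dry run.
IPT="${IPT:-iptables}"

# Assumed values (adjust for the real deployment): LAN interface and the
# single management host allowed to reach the SSH service.
LAN_IF="${LAN_IF:-eth0}"
ADMIN_HOST="${ADMIN_HOST:-192.168.3.100}"

apply_firewall() {
    # Start from a clean filter table: flush rules, delete user-defined
    # chains, zero the packet and byte counters.
    $IPT -F
    $IPT -X
    $IPT -Z

    # Default policies, same set as the manual's -P example: drop anything
    # inbound that no rule accepts; allow locally generated and forwarded traffic.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT

    # Insert the loopback rule as rule number 1 so local services keep
    # working regardless of what is appended later.
    $IPT -I INPUT 1 -i lo -j ACCEPT

    # SSH (TCP port 22) on the LAN interface, from the management host only.
    $IPT -A INPUT -i "$LAN_IF" -p tcp -s "$ADMIN_HOST" --dport 22 -j ACCEPT

    # ICMP from the LAN interface so the device stays reachable for ping.
    $IPT -A INPUT -i "$LAN_IF" -p icmp -j ACCEPT

    # Log whatever else reaches INPUT. LOG does not stop rule processing, so
    # the packet then falls through to the chain policy (DROP) and the kernel
    # log shows what the policy discarded.
    $IPT -A INPUT -j LOG --log-prefix "INPUT-DROP: "
}

# Apply the rules when run directly (as root on the device); with IPT=echo
# the same call prints the ten commands instead.
if [ "${0##*/}" != "sh" ] && [ -z "${NO_APPLY:-}" ]; then
    apply_firewall
fi
```

Rule order matters: the loopback, SSH and ICMP rules are evaluated before the LOG rule, so only packets that matched none of them are logged and then dropped by the policy.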