rewritten network filter. For more specific information, refer to the Linux Packet Filtering HOWTO referenced in Section 7, “Additional Resources”.
3. Options Used within iptables Commands
Rules for filtering packets are put in place using the iptables command. The following aspects of the packet are most often used as criteria:
• Packet Type — Specifies the type of packets the command filters.
• Packet Source/Destination — Specifies which packets the command filters based on the source or destination of the packet.
• Target — Specifies what action is taken on packets matching the above criteria.
For more information on specific options which address these aspects of a packet, refer to Section 3.4, “iptables Match Options” and Section 3.5, “Target Options”.
The options used with given iptables rules must be grouped logically, based on the purpose and conditions of the overall rule, for the rule to be valid. The remainder of this section explains commonly-used options for the iptables command.
3.1. Structure of iptables Options
Many iptables commands have the following structure:
iptables [-t <table-name>] <command> <chain-name> <parameter-1> \
<option-1> ... <parameter-n> <option-n>
The -t <table-name> option allows the user to select a table other than the default filter table to use with the command. The <command> option dictates a specific action to perform, such as appending a rule to, or deleting a rule from, the chain named by <chain-name>. Following the <chain-name> are pairs of parameters and options that define which packets the rule matches and what happens to a packet when it does.
When looking at the structure of an iptables command, it is important to remember that, unlike most other commands, the length and complexity of an iptables command can change based on its purpose. A command to remove a rule from a chain can be very short, while a command designed to filter packets from a particular subnet using a variety of specific parameters and options can be rather lengthy. When creating iptables commands, it is helpful to recognize that some parameters and options may create the need for other parameters and options to further specify the previous option's request. To construct a valid rule, this must continue until every parameter and option that requires another set of options is satisfied.
Type iptables -h to view a comprehensive list of iptables command structures.
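The following script is an added example, not part of the Reference Guide, that puts the structure above into practice: it assembles commands in the [-t <table-name>] <command> <chain-name> <parameter> <option> ... shape, shows a short delete-by-number beside a long subnet rule, and checks the dependency rule just described (a port match needs a protocol, --state needs -m state, --reject-with needs -j REJECT). The function names build_rule, check_rule and apply_rule, the DRY_RUN variable (on by default, so nothing is applied and no root is needed) and the 192.0.2.0/24 sample subnet are all assumptions made for this example. The -C (check) command used by apply_rule needs iptables 1.4.11 or later, which is newer than the version shipped with Red Hat Enterprise Linux 4.

```sh
#!/bin/sh
# Added example (not from the Reference Guide). DRY_RUN=1 (the default) prints
# the commands instead of executing them; set DRY_RUN=0 and run as root to apply.
set -eu

# build_rule TABLE COMMAND CHAIN [PARAM OPTION]...
# Prints one complete iptables command line. An empty TABLE means the default
# filter table, so no -t is emitted, exactly as in the structure above.
build_rule() {
    table="$1"; cmd="$2"; chain="$3"; shift 3
    if [ -n "$table" ]; then
        printf 'iptables -t %s %s %s' "$table" "$cmd" "$chain"
    else
        printf 'iptables %s %s' "$cmd" "$chain"
    fi
    for word in "$@"; do printf ' %s' "$word"; done   # the parameter/option pairs
    printf '\n'
}

# check_rule [PARAM OPTION]...
# Verifies that options which depend on another option are satisfied. Covers the
# common cases only (no "!" negation, no -m multiport); returns 1 with a reason
# on stderr when a dependency is missing.
check_rule() {
    proto=""; state_mod=0; target=""; need_l4=0; need_state=0; need_reject=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|--protocol) proto="${2:-}"; shift ;;
            -m|--match)    if [ "${2:-}" = state ]; then state_mod=1; fi; shift ;;
            -j|--jump)     target="${2:-}"; shift ;;
            --dport|--sport|--destination-port|--source-port) need_l4=1; shift ;;
            --state)       need_state=1; shift ;;
            --reject-with) need_reject=1; shift ;;
            -s|-d|-i|-o|--source|--destination|--in-interface|--out-interface) shift ;;
        esac
        shift
    done
    errors=0
    if [ "$need_l4" = 1 ]; then
        case "$proto" in
            tcp|udp|sctp|dccp) ;;
            *) echo "check_rule: port match needs -p tcp/udp/sctp/dccp" >&2; errors=1 ;;
        esac
    fi
    if [ "$need_state" = 1 ] && [ "$state_mod" = 0 ]; then
        echo "check_rule: --state needs -m state" >&2; errors=1
    fi
    if [ "$need_reject" = 1 ] && [ "$target" != REJECT ]; then
        echo "check_rule: --reject-with needs -j REJECT" >&2; errors=1
    fi
    return "$errors"
}

# apply_rule TABLE CHAIN [PARAM OPTION]...
# Refuses rules that fail check_rule. In dry-run mode prints the -A command;
# otherwise appends only when no identical rule exists (-C), so re-running the
# script never duplicates rules.
apply_rule() {
    table="$1"; chain="$2"; shift 2
    check_rule "$@" || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        build_rule "$table" -A "$chain" "$@"
        return 0
    fi
    if [ -n "$table" ]; then
        iptables -t "$table" -C "$chain" "$@" 2>/dev/null || iptables -t "$table" -A "$chain" "$@"
    else
        iptables -C "$chain" "$@" 2>/dev/null || iptables -A "$chain" "$@"
    fi
}

# Demonstration: a very short delete by rule number beside a lengthy subnet rule.
build_rule '' -D INPUT 3
apply_rule filter INPUT -s 192.0.2.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT
```

Run it as-is to see the generated commands; a rule such as `-s 192.0.2.0/24 --dport 22 -j ACCEPT` is rejected by check_rule because --dport has no -p to refer to, which is the same error the real iptables reports as an unknown option.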
3.2. Command Options
Chapter 18. iptables
Red Hat Enterprise Linux 4.5.0 Reference Guide