Exact syntax and examples for iptables

Bristol, Gary L. gbristol at ou.edu
Sat Sep 19 19:21:29 UTC 2009


To set up iptables so that it is running, you issue the following command:

chkconfig iptables on

Then do a: service iptables start

When you do a: service iptables status

you should get a display similar to the following, depending on the other rules you have.

Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
DROP       all  --  10.5.5.25            0.0.0.0/0      
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255 
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

If you want to check the iptables rule listing, you can issue the iptables -L -n command for a printout of the current rules.

If you want to make sure to save your current setup, do a: cd /etc/sysconfig

iptables-save > iptables

If you want to manually enter new rules in the iptables file in that directory you can, and if you do and want to apply them to the active setup,
you would execute the following command when in the /etc/sysconfig directory: iptables-restore < iptables


Message: 4
Date: Thu, 17 Sep 2009 22:35:07 -0400
From: "Aaron Bliss" <abliss at brockport.edu>
Subject: RE: Exact syntax and examples for iptables
To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
Message-ID: <000001ca3808$a2f54fc0$e8dfef40$@edu>
Content-Type: text/plain;	charset="us-ascii"

Assuming that you already have iptables running

/sbin/iptables -I RH-Firewall-1-INPUT -s 10.5.5.25 -j DROP
/sbin/service iptables save

Hi Aaron,

iptables is not running as the previous sysadmin hardened the server.

How do I turn it on?


So I issue the two commands you gave on both cluster nodes & it will
stop the Windows server from accessing on both nodes as well as the
cluster virtual IP address?

What's the command to reverse back in case there's a problem? I'll
need to fall back.
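The steps given in the thread (Gary's chkconfig/service/save sequence and Aaron's -I RH-Firewall-1-INPUT -s 10.5.5.25 -j DROP rule) collected into one small POSIX shell script, as an added example that is not part of any message above. Assumptions: the chain name RH-Firewall-1-INPUT and the /sbin/iptables path are taken from the thread; the unblock_host function and its -D form are added here for the fallback that was asked about and are not something the thread states; the DRY_RUN wrapper and the sample listing (a trimmed copy of the status output shown earlier) exist only so the script can be read and exercised on a machine without root.

```shell
#!/bin/sh
# Added example, not from the thread. With DRY_RUN=1 every privileged command
# is printed instead of executed; without it the script must run as root on a
# RHEL-era host that has chkconfig, service and /sbin/iptables.

IPT=/sbin/iptables
CHAIN=RH-Firewall-1-INPUT          # chain name as shown in the thread

# run: execute a command, or echo it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# enable_iptables: Gary's two steps, start at boot and start now
enable_iptables() {
    run chkconfig iptables on
    run service iptables start
}

# block_host <ip>: Aaron's rule. -I puts it at the top of the chain, ahead of
# the ACCEPT rules and ahead of "state RELATED,ESTABLISHED", so connections
# that already exist from <ip> are dropped too, not only new ones.
block_host() {
    run "$IPT" -I "$CHAIN" -s "$1" -j DROP
}

# unblock_host <ip>: the reverse of block_host (added here, not in the thread).
# -D with the same match and target deletes the first rule that matches it.
unblock_host() {
    run "$IPT" -D "$CHAIN" -s "$1" -j DROP
}

# save_rules: write the running rules to /etc/sysconfig/iptables so they
# survive a restart; equivalent to Gary's "iptables-save > iptables" there.
save_rules() {
    run service iptables save
}

# host_is_dropped <ip>: read an "iptables -L -n" listing on stdin and report
# whether CHAIN contains a DROP rule whose source is <ip>. Exit status 0 if
# present, 1 if not. Column layout is the one in the thread's listing:
# target prot opt source destination
host_is_dropped() {
    awk -v chain="$CHAIN" -v ip="$1" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 == "DROP" && ($4 == ip || $4 == ip "/32") { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample: a trimmed copy of the "service iptables status" output
# shown in the thread, used to exercise host_is_dropped offline.
SAMPLE_LISTING='Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
DROP       all  --  10.5.5.25            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Demo: "sh this.sh demo" prints the commands that would be run, checks the
# sample listing, then prints the fallback. On a real node drop DRY_RUN=1 and
# feed "$IPT -L -n" into host_is_dropped instead of the sample.
if [ "${1:-}" = "demo" ]; then
    DRY_RUN=1 enable_iptables
    DRY_RUN=1 block_host 10.5.5.25
    DRY_RUN=1 save_rules
    printf '%s\n' "$SAMPLE_LISTING" | host_is_dropped 10.5.5.25 \
        && echo "10.5.5.25 is blocked in $CHAIN"
    DRY_RUN=1 unblock_host 10.5.5.25
fi
```

Two points a practitioner would check before running this on the cluster: the rule matches only on source, so it also covers packets addressed to a virtual IP that the node currently holds, which means it has to be present (and saved) on every node that can take over that address; and after unblock_host, run save_rules again, otherwise the saved file still contains the DROP and the next "service iptables start" restores it. If the exact match form is in doubt, "iptables -L RH-Firewall-1-INPUT -n --line-numbers" shows rule positions and "iptables -D RH-Firewall-1-INPUT <number>" deletes by position.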
