Exact syntax and examples for iptables
Bristol, Gary L.
gbristol at ou.edu
Sat Sep 19 19:21:29 UTC 2009
To set up iptables so that it is running, you issue the following command:
chkconfig iptables on
Then do a: service iptables start
When you do a: service iptables status
you should get a display similar to the following, depending on the other rules you have.
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
DROP all -- 10.5.5.25 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
If you want to check the iptables rule listing, you can issue the iptables -L -n command for a printout of the current rules.
If you want to make sure to save your current setup, do a: cd /etc/sysconfig
iptables-save > iptables
If you want to manually enter new rules in the iptables file in that directory you can, and if you do and want to apply them to the active setup,
you would execute the following command when in the /etc/sysconfig directory: iptables-restore < iptables
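The procedure from this thread wrapped in a script, as an added example that is not part of the original post or of Red Hat's own scripts: Gary's enable/start/save steps above, plus the per-host DROP rule and "service iptables save" from Aaron Bliss's reply quoted later on this page, with a rollback function and a check a practitioner would want before trusting the rule. The check matters because "-I" inserts at the top of the chain (that is why the DROP for 10.5.5.25 is the first rule in the listing above), whereas "-A" would append it below the chain's final REJECT, where it can never match. The script assumes the RHEL 5 layout shown in the listing (chain RH-Firewall-1-INPUT, rules persisted to /etc/sysconfig/iptables, root privileges); the 10.5.5.25 address and the function names are taken from or chosen for this example, and drop_precedes_accept parses the output of "iptables -L RH-Firewall-1-INPUT -n".

```shell
#!/bin/sh
# Added example (not from the list thread). Assumes RHEL 5: chain
# RH-Firewall-1-INPUT, the iptables init script's "save" action writing
# /etc/sysconfig/iptables, and that the script is run as root.
CHAIN=RH-Firewall-1-INPUT

# Read the output of "iptables -L $CHAIN -n" on stdin and return 0 only if a
# DROP for host $1 appears above the first ACCEPT in the chain. A rule added
# with -A lands below the final REJECT and is unreachable; -I inserts at
# position 1, which is the ordering the listing in the thread shows.
drop_precedes_accept() {
    awk -v host="$1" '
        NR <= 2 { next }                      # skip "Chain ..." and column header
        { sub(/\/32$/, "", $4) }              # newer iptables print a /32 suffix
        $1 == "DROP" && $4 == host { found = 1; exit }
        $1 == "ACCEPT" { exit }               # an ACCEPT came first: rule is too low
        END { exit (found ? 0 : 1) }
    '
}

# Gary's two commands: start at boot, and start now.
enable_firewall() {
    chkconfig iptables on
    service iptables start
}

# Aaron's rule, then verify its position before persisting it.
block_host() {
    iptables -I "$CHAIN" -s "$1" -j DROP
    if ! iptables -L "$CHAIN" -n | drop_precedes_accept "$1"; then
        echo "DROP for $1 is not ahead of the ACCEPT rules in $CHAIN" >&2
        return 1
    fi
    service iptables save        # writes /etc/sysconfig/iptables
}

# Rollback: -D deletes the rule with exactly the same specification.
unblock_host() {
    iptables -D "$CHAIN" -s "$1" -j DROP
    service iptables save
}

# Usage (as root):  sh block_host.sh apply 10.5.5.25
#                   sh block_host.sh undo  10.5.5.25
case "${1:-}" in
    apply) enable_firewall && block_host "$2" ;;
    undo)  unblock_host "$2" ;;
esac
```

On a cluster, run the same script on every node; the rule is evaluated on whichever node currently owns the virtual IP, so the chain on each node must carry it, and "undo" on each node removes it again.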
Message: 4
Date: Thu, 17 Sep 2009 22:35:07 -0400
From: "Aaron Bliss" <abliss at brockport.edu>
Subject: RE: Exact syntax and examples for iptables
To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
Message-ID: <000001ca3808$a2f54fc0$e8dfef40$@edu>
Content-Type: text/plain; charset="us-ascii"
Assuming that you already have iptables running
/sbin/iptables -I RH-Firewall-1-INPUT -s 10.5.5.25 -j DROP
/sbin/service iptables save
Hi Aaron,
iptables is not running, as the previous sysadmin hardened the server.
How do I turn it on?
So if I issue the two commands you gave on both cluster nodes, it will
stop the Windows server from accessing both nodes as well as the
cluster virtual IP address?
What's the command to reverse it, in case there's a problem and I
need to fall back?