Iptables Command Line Tool: Difference between revisions
Revision as of 22:41, 5 January 2016
Internal
Overview
iptables always targets the "filter" table by default. To operate on a different table, use the -t <table-name> option.
Commands
List Rules
iptables -L -nv --line-numbers
The command lists all rules in the selected chain. If no chain is selected, all chains of the table are listed.
The command applies to the specified table ("filter" is the default). If you need to list rules from a table other than "filter", use -t (example -t nat).
The command is often used with the -n option, in order to avoid long reverse DNS lookups.
Add a Rule to the Default Table
iptables -A <chain> -i <interface> -s <source> -p <protocol> [-m <module> <module-config>] -j <target>
The rule will be added to the "filter" table. If you need to add the rule to a different table, use -t.
The rule will only be added in memory and won't survive a reboot. In order to make the rule permanent TODO.
-A
The chain can be one of INPUT, OUTPUT, FORWARD, PREROUTING and POSTROUTING. Note that PREROUTING and POSTROUTING do not exist in the default "filter" table (they belong to the nat, mangle and raw tables), so appending to them requires -t.
Example of allowing external HTTP access on a specific interface (the --dport 80 match is what restricts the rule to HTTP; without it the rule would accept all TCP traffic arriving on that interface):
iptables -A INPUT -i enp0s25 -p tcp --dport 80 -j ACCEPT
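The following script is an added example, not part of the original wiki page, covering both the "List Rules" and the "-A" sections above. It builds iptables command lines without executing them, rejecting chain/table combinations that iptables itself would refuse (for example PREROUTING in the filter table) and refusing tcp/udp rules that lack a destination port, and it parses a sample listing in the format produced by iptables -L -nv --line-numbers. The function names build_rule, chain_in_table, chains_for_table and count_listed_rules, and the sample listing, are all constructed here; the table-to-chain mapping is the standard netfilter one.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check iptables rules
# before running them, and parse "iptables -L -nv --line-numbers" output.

# Built-in chains that exist in each table. The "filter" table, iptables'
# default, has no PREROUTING or POSTROUTING chain.
chains_for_table() {
    case "$1" in
        filter)   echo "INPUT FORWARD OUTPUT" ;;
        nat)      echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle)   echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)      echo "PREROUTING OUTPUT" ;;
        security) echo "INPUT FORWARD OUTPUT" ;;
        *)        return 1 ;;
    esac
}

# chain_in_table TABLE CHAIN -> 0 if CHAIN is a built-in chain of TABLE
chain_in_table() {
    for c in $(chains_for_table "$1"); do
        [ "$c" = "$2" ] && return 0
    done
    return 1
}

# build_rule TABLE CHAIN IFACE PROTO DPORT TARGET
# Prints the iptables command line instead of executing it. Refuses
# chain/table combinations iptables would reject and, for tcp/udp, insists
# on a destination port so a rule meant for one service does not silently
# accept every port on the interface.
build_rule() {
    table=$1; chain=$2; iface=$3; proto=$4; dport=$5; target=$6
    chains_for_table "$table" >/dev/null || {
        echo "unknown table $table" >&2
        return 1
    }
    chain_in_table "$table" "$chain" || {
        echo "chain $chain does not exist in table $table" >&2
        return 1
    }
    case "$proto" in
        tcp|udp)
            [ -n "$dport" ] || {
                echo "refusing $proto rule without --dport (would match all ports)" >&2
                return 1
            }
            echo "iptables -t $table -A $chain -i $iface -p $proto --dport $dport -j $target" ;;
        *)
            echo "iptables -t $table -A $chain -i $iface -p $proto -j $target" ;;
    esac
}

# Constructed sample of "iptables -L INPUT -nv --line-numbers" output, so the
# parser below can be exercised without root or a live firewall.
SAMPLE_LISTING='Chain INPUT (policy DROP 12 packets, 960 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     4521  312K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2      318 22541 ACCEPT     tcp  --  enp0s25 *      0.0.0.0/0            0.0.0.0/0            tcp dpt:80
3       12   720 DROP       tcp  --  enp0s25 *      0.0.0.0/0            0.0.0.0/0            tcp dpt:23'

# count_listed_rules TARGET  (listing on stdin)
# Counts numbered rule lines whose target column equals TARGET. The header
# lines are skipped because their first field is not a rule number.
count_listed_rules() {
    awk -v want="$1" '$1 ~ /^[0-9]+$/ && $4 == want { n++ } END { print n+0 }'
}

# Usage: print the HTTP rule from the page and summarise the sample listing.
build_rule filter INPUT enp0s25 tcp 80 ACCEPT
printf 'ACCEPT rules in sample: %s\n' "$(printf '%s\n' "$SAMPLE_LISTING" | count_listed_rules ACCEPT)"
```

Because build_rule only prints the command, it can be reviewed (or diffed against a saved rule set) before anything touches the running firewall; piping its output to sh is the step that actually requires root.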