Iptables: Difference between revisions
Revision as of 22:12, 5 January 2016
External
- http://www.netfilter.org/
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html#sec-Using_iptables
- http://wiki.centos.org/HowTos/Network/IPTables
- http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-iptables.html
- https://help.ubuntu.com/community/IptablesHowTo
- http://www.thegeekstuff.com/2011/01/iptables-fundamentals/
- http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
- http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/
- http://www.cyberciti.biz/tips/linux-iptables-examples.html
Internal
Overview
iptables is a Linux command line tool used to query and manipulate the network packet filtering rules maintained by the Linux kernel. Network packet filtering in the kernel is implemented by the netfilter framework. The term "iptables" is also used to refer to the iptables service, a systemd service that uses the iptables tool to load the packet filtering rules at boot. netfilter and iptables are used to implement network firewalls and NAT. The relationships between these concepts are explained in iptables Concepts: netfilter, iptables tool, iptables service and firewalld.
Concepts
iptables tool
iptables Service
Getting Information about iptables Service
systemctl status iptables
The following command shows whether the netfilter table modules (ip_tables for IPv4, ip6_tables for IPv6) are loaded, together with the table-specific modules that depend on them:
lsmod | grep tables
ip_tables 9567 1 iptable_filter
ip6_tables 10867 1 ip6table_filter
iptables Service Installation
The iptables service and firewalld are incompatible, since both manage the same kernel rule set. If the iptables service is used, firewalld must be disabled first: firewalld#Disable.
yum install iptables
yum install iptables-services
Lifecycle
The iptables service starts by reading its rule file /etc/sysconfig/iptables, which is in iptables-save format, and loading it with iptables-restore. The file is divided into table sections: each section opens with the table name (for example *filter), declares the chains of that table and their default policies, lists the rules to add to those chains, and is closed by a COMMIT line. Rules are applied in the order in which they appear in the file, and the COMMIT at the end of each table section installs that table's rules in the kernel as a unit.
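The following script is an added example, not part of the wiki page or of the iptables-services package. It shows what a minimal /etc/sysconfig/iptables looks like (a constructed default-deny ruleset for the filter table) and a pre-flight check that parses the file the way the lifecycle above describes: every *table section must be closed by COMMIT, and every -A/-I rule must target a chain declared in that section. The check only reads the file and never calls iptables, so it runs unprivileged and offline; run it on a candidate file before copying it over the live rule file, so a typo does not leave the host without the rules you expected after the next restart.

```shell
#!/bin/sh
# Pre-flight check for an iptables-restore rules file such as /etc/sysconfig/iptables.
# Added example, not from the wiki page. Assumption: the file is in iptables-save
# format ('*table' header, ':CHAIN POLICY [p:b]' declarations, '-A' rules, 'COMMIT').

# Constructed sample ruleset: default-deny INPUT, allow loopback, replies, SSH and ICMP,
# and log whatever falls through to the DROP policy.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables-drop: "
COMMIT
'

# check_ruleset FILE
# Returns 0 if every '*table' section is closed by COMMIT and every -A/-I rule
# targets a chain declared in the same section; returns 1 with a message on stderr otherwise.
check_ruleset() {
    file=$1
    table=""        # table currently open; empty between sections
    chains=""       # space-separated chain names declared in the open table
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            '*'*)
                [ -n "$table" ] && { echo "line $n: new table opened before COMMIT of '$table'" >&2; return 1; }
                table=${line#\*}; chains="" ;;
            ':'*)
                [ -z "$table" ] && { echo "line $n: chain declared outside a table" >&2; return 1; }
                name=${line#:}; name=${name%% *}
                chains="$chains $name" ;;
            COMMIT)
                [ -z "$table" ] && { echo "line $n: COMMIT with no open table" >&2; return 1; }
                table="" ;;
            -A\ *|-I\ *)
                [ -z "$table" ] && { echo "line $n: rule outside a table" >&2; return 1; }
                rest=${line#-? }; target=${rest%% *}
                case " $chains " in
                    *" $target "*) ;;
                    *) echo "line $n: rule for undeclared chain '$target' in table '$table'" >&2; return 1 ;;
                esac ;;
            *) echo "line $n: unrecognised line: $line" >&2; return 1 ;;
        esac
    done < "$file"
    if [ -n "$table" ]; then
        echo "table '$table' is missing its COMMIT" >&2
        return 1
    fi
    return 0
}

# count_rules FILE: number of -A/-I lines, i.e. rules iptables-restore would add.
count_rules() {
    grep -c '^-[AI] ' "$1"
}

# Usage: write the sample to a scratch file and check it there, not in /etc/sysconfig.
RULES_FILE=${RULES_FILE:-$(mktemp)}
printf '%s' "$SAMPLE_RULES" > "$RULES_FILE"
if check_ruleset "$RULES_FILE"; then
    echo "$RULES_FILE: OK, $(count_rules "$RULES_FILE") rules"
fi
```

The check deliberately refuses any line it does not recognise rather than skipping it, because iptables-restore will also abort on such a line and the simplest failure mode for a boot-time firewall is a rule file that silently loads fewer rules than intended.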
iptables Service Configuration
Then enable the service to start at boot.
iptables Service Operations
Enable to Start at Boot
After the rules in /etc/sysconfig/iptables have been configured, enable the iptables service so that they are loaded at boot:
systemctl enable iptables