Iptables: Difference between revisions

From NovaOrdis Knowledge Base
Line 16: Line 16:
=Overview=
=Overview=


<tt>iptables</tt> is a Linux ''command line tool'' used to query and manipulate the network packet filtering rules maintained by the Linux kernel. Network packet filtering in the kernel is implemented by the [[iptables Concepts#netfilter|netfilter framework]]. The term "iptables" is also used to refer to the iptables ''service'', which is a [[systemd]] service that uses the iptables tool to configure the packet filtering rules at boot. netfilter and iptables are used to implement network firewalls and NAT. The relationships between these concepts is explained in [[iptables Concepts#netfilter.2C_iptables_tool.2C_iptables_service_and_firewalld|iptables Concepts: netfilter, iptables tool, iptables service and firewalld]].
<tt>iptables</tt> is a Linux ''command line tool'' used to query and manipulate the network packet filtering rules maintained by the Linux kernel. Network packet filtering in the kernel is implemented by the [[iptables Concepts#netfilter|netfilter framework]]. The term "iptables" is also used to refer to the iptables ''service'', which is a [[systemd]] service that uses the iptables tool to configure the packet filtering rules at boot. netfilter and iptables are used to implement network firewalls and NAT. The relationships between these concepts is explained in [[iptables Concepts#netfilter.2C_iptables_tool.2C_iptables_service_and_firewalld|iptables Concepts: netfilter, iptables tool, iptables service and firewalld]]. [[iptables Concepts#Overview|More details available here ...]]


=Concepts=
=Concepts=

Revision as of 05:13, 10 January 2016

External

Internal

Overview

iptables is a Linux command line tool used to query and manipulate the network packet filtering rules maintained by the Linux kernel. Network packet filtering in the kernel is implemented by the netfilter framework. The term "iptables" is also used to refer to the iptables service, which is a systemd service that uses the iptables tool to configure the packet filtering rules at boot. netfilter and iptables are used to implement network firewalls and NAT. The relationships between these concepts are explained in iptables Concepts: netfilter, iptables tool, iptables service and firewalld. More details available here ...

Concepts

iptables Concepts

iptables tool

iptables Command Line Tool
iptables Command Line Tool Examples

iptables Service

Getting Information about iptables Service

systemctl status iptables

The following command shows whether the ip_tables kernel modules are loaded:

lsmod | grep tables
ip_tables               9567  1 iptable_filter
ip6_tables             10867  1 ip6table_filter

iptables Service Installation

The iptables service and firewalld are incompatible. If the iptables service is used, firewalld must be disabled (see firewalld#Disable).

yum -y install iptables iptables-services

This will install both IPv4 and IPv6 support.

Lifecycle

The iptables service starts by reading the individual iptables tool commands from its configuration rule file /etc/sysconfig/iptables and applying those rules to the tables and chains specified in the file. The rule commands are applied in order, then the COMMIT command is issued for each table.
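As an added example, not the page's own default configuration, the following constructs a small rule file in the iptables-restore format that the service reads (one *table block, chain declarations, rules, COMMIT) and pairs it with a shell check that verifies that structure before the file is handed to the service, since a malformed file means the service fails to load the rules at boot. The file path, the rule set and the check_rules_file helper are all assumptions of this example.

```shell
#!/bin/sh
# Constructed example of an /etc/sysconfig/iptables style rule file.
# Written to a temporary path so it can be inspected without touching
# the real configuration (added example, not the page's default rules).
RULES_FILE="${TMPDIR:-/tmp}/iptables.example.$$"
cat > "$RULES_FILE" <<'EOF'
# Each *table block is applied in order and terminated by COMMIT.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF

# check_rules_file FILE (hypothetical helper)
# Structural sanity check of an iptables-restore file: every *table block
# must be closed by COMMIT, and every -A rule must sit inside a table and
# reference a chain declared in that table. Only -A rules are recognized.
# Prints each problem found and returns 1 if there were any, 0 otherwise.
check_rules_file() {
  awk '
    /^#/ || /^[[:space:]]*$/ { next }                 # comments and blank lines
    /^\*/ {                                            # start of a table block
      if (in_table) { print "missing COMMIT before " $0; bad = 1 }
      in_table = 1; table = substr($0, 2)
      for (c in chains) delete chains[c]               # chains are per table
      next
    }
    /^:/ { sub(/^:/, ""); chains[$1] = 1; next }       # chain declaration
    /^COMMIT$/ {
      if (!in_table) { print "COMMIT without table"; bad = 1 }
      in_table = 0; next
    }
    /^-A / {
      if (!in_table) { print "rule outside table: " $0; bad = 1 }
      else if (!($2 in chains)) { print "rule for undeclared chain " $2 " in table " table; bad = 1 }
      next
    }
    { print "unrecognized line: " $0; bad = 1 }
    END {
      if (in_table) { print "table " table " not closed by COMMIT"; bad = 1 }
      exit bad
    }
  ' "$1"
}

# Usage: run the check before restarting the service with a new file.
check_rules_file "$RULES_FILE" && echo "rule file OK: $RULES_FILE"
```

The check is deliberately text-only so it can run on any host; on the target machine the same file can additionally be parsed by iptables-restore itself before the service is restarted.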

iptables Service Configuration

Put in place the default iptables and ip6tables configuration:

Then enable the service to start at boot.

Further rules will be added on a case-by-case basis.

Configuration Examples

iptables Command Line Tool Examples

iptables Service Operations

Enable to Start at Boot

After rule configuration, enable the iptables service to start at boot:

systemctl enable iptables
systemctl enable ip6tables

Reload the Rules

This command restarts the service and reloads the rules from the configuration file, discarding the rules currently in memory:

systemctl restart iptables

iptables Troubleshooting

iptables Troubleshooting