Changes between Version 9 and Version 10 of sysadminiptables


Timestamp:
Jun 22, 2009, 12:56:42 PM (13 years ago)
Author:
risard
Comment:

--

  • sysadminiptables

    v9 v10  
    55Overview[[BR]]
    66Reading iptables[[BR]]
    7 Setting iptables[[BR]]
     7Configuring iptables[[BR]]
    88Necessary Ports - Database Server[[BR]]
    99Necessary Ports - Open-ils Server[[BR]]
     
    6363
    6464----
    65 == Setting Iptables ==
     65== Configuring Iptables ==
    6666
    6767In Debian Lenny there are two ways to change iptables.  You can edit the tables interactively at the shell using the iptables command and then save them with iptables-save command, or you can edit the file where the tables are stored directly and then apply them. 
     
    6969'''NOTE:''' that when you use the iptables command, you're changes are live.
    7070
    71 === the iptables command ===
     71=== The iptables command ===
    7272
    7373The iptables syntax is as follows:
    7474{{{
    75     sudo iptalbes -A INPUT -s 10.104.100.167 -d 10.104.100.168 -p tcp -m tcp --dport 8023 -j ACCEPT   
     75    sudo iptables -A INPUT -s 10.104.100.167 -d 10.104.100.168 -p tcp -m tcp --dport 8023 -j ACCEPT   
    7676}}}
    7777
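Review bot: line 69, kept as unchanged context in this hunk, still has a spelling error: "you're changes are live" should be "your changes are live". Since this hunk already corrects "iptalbes" to "iptables" in the example command on line 75, fix that one in the same pass. The trailing whitespace after "ACCEPT" on line 75 could be trimmed as well, since it is copied into the shell when readers paste the example.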
     
    8787
    8888If you ran the above command, it would immediately add a rule to the iptables INPUT chain.  If you ran iptalbes -L, you'd see your new rule in the list.
     89
     90If you want to delete a rule simply write it as is, but with a -D at the beginning rather then -A:
     91{{{
     92   sudo iptables -D INPUT -s 10.104.100.167 -d 10.104.100.168 -p tcp -m tcp --dport 8023 -j ACCEPT
     93}}}
     94
     95Deletes the rule we used in the example above.
    8996
    9097Although the above looks complicated, it should be noted that the only parts you should ever be changing are the -s, -d and --dport options.  If you feel the need to change anything else, you should ask your fellow Evergreen Admins about it first!
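Review bot: new line 90 should read "rather than -A", not "rather then", and line 88 (unchanged context) still has the "iptalbes -L" misspelling that line 75 fixes. Line 95, "Deletes the rule we used in the example above.", is a sentence fragment; fold it into the lead sentence on line 90, e.g. "...but with a -D at the beginning rather than -A. The following deletes the rule added above:". The -D description would also benefit from two facts a new admin will hit: iptables -D removes only the first rule whose specification matches the arguments exactly, so a rule that was accidentally added twice needs two -D calls, and when the original arguments are not known the rule can be located with iptables -L INPUT --line-numbers and removed by position with iptables -D INPUT <number>.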
     
    104111}}}
    105112
    106 Once opened, you can just add a line to the file and save it.  It's important to remember that the
     113Once opened, you can just add a line to the file and save it.  It's important to remember that the order in which the rules are listed is important.  You'll notice that the rules in each chain are listed with the ACCEPT rules before the REJECT rules.  If you add an ACCEPT rule '''after''' a REJECT rule, it won't get read when the rules are loaded into memory.
     114
     115Once you've edited the file and saved it, you can apply the changes with:
     116{{{
     117    iptables-restore < /<path>/<firewall_file>
     118}}}
    107119
    108120
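Review bot: the explanation on new line 113 is imprecise: an ACCEPT rule placed after a REJECT rule is still loaded into the chain; it is simply never reached for the packets the REJECT rule already matched, because iptables evaluates each chain top to bottom and the first matching terminating target decides. Suggest "it will never be reached for that traffic" instead of "it won't get read when the rules are loaded into memory". On new line 117 the iptables-restore command should be prefixed with sudo for consistency with the other examples on the page. It is also worth a sentence that iptables-restore replaces the entire current ruleset of each table with the file's contents (unless --noflush is given), so a mistake in the file affects the whole firewall rather than one rule; a syntax error makes it fail with a line-number message before the table is committed, leaving the previous rules in place.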