Changes between Version 9 and Version 10 of sysadminiptables
- Timestamp: Jun 22, 2009, 12:56:42 PM (14 years ago)
sysadminiptables
v9 v10 5 5 Overview[[BR]] 6 6 Reading iptables[[BR]] 7 Setting iptables[[BR]]7 Configuring iptables[[BR]] 8 8 Necessary Ports - Database Server[[BR]] 9 9 Necessary Ports - Open-ils Server[[BR]] … … 63 63 64 64 ---- 65 == Setting Iptables ==65 == Configuring Iptables == 66 66 67 67 In Debian Lenny there are two ways to change iptables. You can edit the tables interactively at the shell using the iptables command and then save them with iptables-save command, or you can edit the file where the tables are stored directly and then apply them. … … 69 69 '''NOTE:''' that when you use the iptables command, you're changes are live. 70 70 71 === the iptables command ===71 === The iptables command === 72 72 73 73 The iptables syntax is as follows: 74 74 {{{ 75 sudo ipta lbes -A INPUT -s 10.104.100.167 -d 10.104.100.168 -p tcp -m tcp --dport 8023 -j ACCEPT75 sudo iptables -A INPUT -s 10.104.100.167 -d 10.104.100.168 -p tcp -m tcp --dport 8023 -j ACCEPT 76 76 }}} 77 77 … … 87 87 88 88 If you ran the above command, it would immediately add a rule to the iptables INPUT chain. If you ran iptalbes -L, you'd see your new rule in the list. 89 90 If you want to delete a rule simply write it as is, but with a -D at the beginning rather then -A: 91 {{{ 92 sudo iptables -D INPUT -s 10.104.100.167 -d 10.104.100.168 -p tcp -m tcp --dport 8023 -j ACCEPT 93 }}} 94 95 Deletes the rule we used in the example above. 89 96 90 97 Although the above looks complicated, it should be noted that the only parts you should ever be changing are the -s, -d and --dport options. If you feel the need to change anything else, you should ask your fellow Evergreen Admins about it first! … … 104 111 }}} 105 112 106 Once opened, you can just add a line to the file and save it. It's important to remember that the 113 Once opened, you can just add a line to the file and save it. It's important to remember that the order in which the rules are listed is important. 
You'll notice that the rules in each chain are listed with the ACCEPT rules before the REJECT rules. If you add an ACCEPT rule '''after''' a REJECT rule, it won't get read when the rules are loaded into memory. 114 115 Once you've edited the file and saved it, you can apply the changes with: 116 {{{ 117 iptables-restore < /<path>/<firewall_file> 118 }}} 107 119 108 120
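Review bot: Heading capitalization is inconsistent in the renamed headings at v10 lines 65 and 71: the section heading is "== Configuring Iptables ==" while the table of contents entry on line 7 and the subheading "=== The iptables command ===" use lowercase "iptables". Suggest "== Configuring iptables ==" so the heading matches the command name and the TOC entry. While this hunk is open, the unchanged NOTE on line 69 still reads "you're changes are live" and should be "your changes are live".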
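Review bot: The added delete paragraph (v10 lines 90-95) does not say that -D takes effect immediately and only changes the running tables, the same as -A. Since the NOTE above covers only that changes are live, suggest adding that a deletion must also be saved with iptables-save to persist. It is also worth saying that the rule specification given to -D has to match the existing rule exactly; as an alternative the page could mention listing rules with "iptables -L INPUT --line-numbers" and deleting by position with "iptables -D INPUT <number>". Wording: "rather then -A" should be "rather than -A", the trailing "Deletes the rule we used in the example above." is a sentence fragment ("This deletes the rule ..."), and the context line 88 still has "iptalbes -L".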
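Review bot: The added sentence at v10 line 113, "If you add an ACCEPT rule after a REJECT rule, it won't get read when the rules are loaded into memory", misdescribes the behaviour. The rule is loaded; it simply never takes effect, because a packet is handled by the first rule in the chain that matches it, so traffic already matched by the earlier REJECT never reaches the later ACCEPT. Suggest rewording along those lines, since a reader debugging a rule that "does nothing" will look for a load error that is not there. In the same hunk, "iptables-restore < /<path>/<firewall_file>" is shown without sudo although the other commands on the page use it, and the text should state that iptables-restore replaces the current ruleset with the file's contents. Recommending a syntax check with "iptables-restore --test < /<path>/<firewall_file>" before applying would reduce the chance of locking yourself out over SSH with a broken file.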