Checking Your iptables Configuration


Checking Your iptables Configuration

Before proceeding further, you should check your current configuration. Some distributions now ship with firewall-creation tools, and it's possible these are running without your knowledge. You can check your system's current configuration by passing iptables the -L parameter. You can also add the -t table- name parameter to check on a particular table. (The default table-name is filter , but you may want to check the nat and mangle tables, as well.) This should produce output similar to the following:

  # iptables -L -t filter  Chain INPUT (policy ACCEPT) target     prot opt source               destination Chain FORWARD (policy ACCEPT) target     prot opt source               destination Chain OUTPUT (policy ACCEPT) target     prot opt source               destination 

This output shows no iptables rules in the standard filter table. This is a good starting point for further modifications. If your system has firewall rules already defined, you should try to track down what script is defining them and disable it. (It may be a SysV startup script called firewall or something similar.) You can then use the -F parameter to flush the rules from a chain, thus:

 #  iptables -F INPUT -t filter  

It's generally a good idea to begin your firewall script with this command, similar commands for other chains in the filter table, and perhaps with equivalents for other tables. This ensures that your new firewall rules aren't added to old rules, which can cause great confusion.



Advanced Linux Networking
Advanced Linux Networking
ISBN: 0201774232
EAN: 2147483647
Year: 2002
Pages: 203

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net