About iptables

This section contains information about iptables: resources to consult for more information on this utility, prerequisites for running iptables, and notes.

More Information

Web
  • Documentation, HOWTOs, FAQs, patch-o-matic, security information: www.netfilter.org
  • Tutorial: www.faqs.org/docs/iptables
  • Scripts and more: www.linuxguruz.com/iptables

HOWTO
  • KernelAnalysis-HOWTO
  • IP Masquerade HOWTO (contains useful scripts)
  • Netfilter Extensions HOWTO at netfilter.org and www.iptables.org/documentation/HOWTO/netfilter-extensions-HOWTO.html

Book
  • TCP/IP Illustrated by W. Richard Stevens, Addison-Wesley, December 1993

Prerequisites

Install the following package:

  • iptables

Run chkconfig to cause iptables to start when the system comes up:

# /sbin/chkconfig iptables on

To ensure maximum protection, the iptables init script starts packet filtering by running iptables very soon after the system enters runlevels 2-5; in contrast, it does not stop packet filtering until shortly before the system leaves runlevels 0, 1, and 6. See page 404 for more information on init scripts.

Notes

The iptables utility differs from most other Linux utilities in its setup and use. Whereas other Linux utilities such as Apache, vsftpd, and sshd read the data that controls their operation from a configuration file, iptables requires you to give a series of iptables commands to build a set of packet filtering rules that are kept in the kernel.

There are two ways to set up the same set of rules each time you bring the system up. First, you can put iptables commands in a script and run that script each time the system boots. You can call this script from /etc/rc.d/rc.local.

Second, you can put the arguments to the iptables commands you want to execute in /etc/sysconfig/iptables. The system-config-securitylevel utility (page 777) and the Anaconda installer (page 47) both use this technique, building sets of rules and storing the corresponding iptables command arguments in /etc/sysconfig/iptables. The command service iptables save stores the iptables rules currently in effect to this file. If you use the /etc/sysconfig/iptables file in this manner, be aware that system-config-securitylevel and service iptables save overwrite this file.
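The two approaches just described, as an added example that is not code from the book: a rule-building script of the kind you would call from /etc/rc.d/rc.local, plus a converter that emits the same rule set in the iptables-save format that service iptables save writes to /etc/sysconfig/iptables. The SSH_PORT variable, the DRY_RUN switch and the "apply" argument are assumptions made for this illustration; without DRY_RUN the script must run as root on a host with iptables installed.

```shell
#!/bin/sh
# Added example, not code from the book. SSH_PORT, DRY_RUN and the "apply"
# argument are assumptions for illustration.

SSH_PORT="${SSH_PORT:-22}"

# ipt: run iptables, or, when DRY_RUN is set, print the command instead so
# the rule set can be reviewed before it is loaded into the kernel.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

build_rules() {
    # Start from a clean slate: flush all chains, delete user-defined chains.
    ipt -F
    ipt -X
    # Default policies: drop unsolicited inbound and forwarded packets,
    # allow everything outbound.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Loopback traffic is always allowed.
    ipt -A INPUT -i lo -j ACCEPT
    # Accept replies to connections this host initiated.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Accept new SSH connections so the host stays reachable after boot.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    # Log (rate-limited, so the log cannot be flooded) and drop the rest.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix IPT-DROP:
    ipt -A INPUT -j DROP
}

# print_rules: the commands build_rules would run, one per line.
print_rules() {
    ( DRY_RUN=1; build_rules )
}

# to_sysconfig: the same rule set in iptables-save format (filter table
# only), which is what /etc/sysconfig/iptables holds. The -F/-X lines are
# not rules and are skipped; -P lines become the chain policy headers.
to_sysconfig() {
    print_rules | awk '
        BEGIN { policy["INPUT"] = policy["FORWARD"] = policy["OUTPUT"] = "ACCEPT" }
        $2 == "-P" { policy[$3] = $4; next }
        $2 == "-A" { sub(/^iptables /, ""); rules[++n] = $0 }
        END {
            print "*filter"
            split("INPUT FORWARD OUTPUT", chain, " ")
            for (i = 1; i <= 3; i++)
                printf ":%s %s [0:0]\n", chain[i], policy[chain[i]]
            for (i = 1; i <= n; i++) print rules[i]
            print "COMMIT"
        }'
}

# Usage (as root):
#   sh firewall.sh apply                              -> load the rules now
#   DRY_RUN=1 sh firewall.sh apply                    -> print them instead
#   . ./firewall.sh; to_sysconfig > /etc/sysconfig/iptables
if [ "${1:-}" = "apply" ]; then
    build_rules
fi
```

Review the dry-run output before loading it: a policy of DROP on INPUT combined with a missing SSH rule locks you out of a remote machine the moment the script runs. The converter writes only the filter table; if your rules touch nat or mangle, add those tables' sections as well, or simply load the rules and let service iptables save write the file for you.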

For information on copying packet filtering rules to and from the kernel, refer to "Copying Rules to and from the Kernel" on page 776. You can run iptables with the -L option or you can run service iptables status to display the packet filtering rules the kernel is using.

The iptables init script executes the /etc/sysconfig/iptables-config file. Refer to the comments in this file for options you can set in it.

Resetting iptables

If you encounter problems related to the firewall rules, you can return packet processing rules in the kernel to their default state without rebooting by giving the following commands:

# iptables --flush && iptables --delete-chain

These commands flush all chains and delete any user-defined chains, leaving the system without a firewall. In an emergency you can give the following command to unload all iptables modules from the kernel and set a policy of DROP for all tables:

# /sbin/service iptables panic
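A fuller reset than the two commands above, as an added example that is not code from the book. --flush and --delete-chain remove rules and user-defined chains but leave each built-in chain's policy as it was, so a chain whose policy is DROP still blocks all traffic afterwards; this helper resets the policies to ACCEPT as well and then checks that the kernel really is back in its default state. The DRY_RUN switch, the print_reset helper and the sample outputs are assumptions and constructed data for this illustration; the check parses the one-rule-per-line listing that iptables -S prints on current iptables releases.

```shell
#!/bin/sh
# Added example, not code from the book. DRY_RUN and the sample listings
# below are assumptions/constructed data for illustration.

# ipt: run iptables, or print the command when DRY_RUN is set.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

# reset_firewall: flush rules, delete user-defined chains and set every
# built-in chain of the filter, nat and mangle tables back to ACCEPT.
reset_firewall() {
    for table in filter nat mangle; do
        ipt -t "$table" -F
        ipt -t "$table" -X
    done
    for chain in INPUT FORWARD OUTPUT; do
        ipt -t filter -P "$chain" ACCEPT
    done
    for chain in PREROUTING OUTPUT POSTROUTING; do
        ipt -t nat -P "$chain" ACCEPT
    done
    for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
        ipt -t mangle -P "$chain" ACCEPT
    done
}

# print_reset: the commands reset_firewall would run, one per line.
print_reset() {
    ( DRY_RUN=1; reset_firewall )
}

# is_default_state: read an `iptables -S`-style listing of one table on
# stdin and succeed only when every built-in chain's policy is ACCEPT and
# no rules (-A) or user-defined chains (-N) remain.
is_default_state() {
    awk 'BEGIN { bad = 0 }
         /^-P / { if ($3 != "ACCEPT") bad = 1; next }
         /^-[AN] / { bad = 1 }
         END { exit bad }'
}

# verify_reset: check the live filter table (needs root and iptables).
verify_reset() {
    /sbin/iptables -S | is_default_state
}

# Constructed sample listings, in the form iptables -S prints them.
# Fully reset: all policies ACCEPT, no rules.
SAMPLE_DEFAULT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Flushed, but the INPUT policy was left at DROP: still no traffic gets in.
SAMPLE_LOCKED='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Flush never happened: a user-defined chain and a rule are still present.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N mychain
-A INPUT -j mychain'
```

Run reset_firewall as root, then verify_reset; a non-zero exit from the check means the kernel is not yet in the default state, most often because a policy was left at DROP, which is exactly the condition that cuts off remote access after a plain flush.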

A Practical Guide to Red Hat® Linux®: Fedora™ Core and Red Hat Enterprise Linux (3rd Edition)
ISBN: 0132280272
Year: 2006
Pages: 383