Example simple iptable ruleset: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 28: | Line 28: | ||
Chain OUTPUT (policy ACCEPT) | Chain OUTPUT (policy ACCEPT) | ||
target prot opt source destination | target prot opt source destination | ||
REMEMBER! If you like the ruleset, and want it to be in-effect the next time you start iptables (ie after a reboot), then you '''must''': | |||
<font color=red>hostname</font> <font color=blue>~ #</font> '''rc-update add iptables default''' | |||
<font color=lime>*</font> iptables added to runlevel default | |||
<font color=red>hostname</font> <font color=blue>~ #</font> '''/etc/init.d/iptables save''' | |||
<font color=lime>*</font> Saving iptables state ... | |||
Revision as of 17:30, 30 January 2008
#! /bin/sh # /etc/iptables.bak # Let's save typing & confusion with variables IPTABLES=/sbin/iptables # Flush active rules and custom tables $IPTABLES --flush $IPTABLES --delete-chain # set the defaults so that by-default incoming and outgoing packets are explicitly allowed; $IPTABLES -P INPUT ACCEPT $IPTABLES -P FORWARD DROP $IPTABLES -P OUTPUT ACCEPT
Invoke and make these rules effective:
hostname ~ # sh /etc/iptables.bak
Resulting active rules:
hostname ~ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
REMEMBER! If you like the ruleset, and want it to be in-effect the next time you start iptables (ie after a reboot), then you must:
hostname ~ # rc-update add iptables default * iptables added to runlevel default hostname ~ # /etc/init.d/iptables save * Saving iptables state ...