18.3. Using IPTables
The first step in using iptables is to start the iptables service. Use the following command to start the iptables service:
[root@myServer ~] # service iptables start
The ip6tables service can be turned off if you intend to use the iptables service only. If you deactivate the ip6tables service, remember to deactivate the IPv6 network also. Never leave a network device active without the matching firewall.
To configure iptables to start by default when the system is booted, use the following command:
[root@myServer ~] # chkconfig --level 345 iptables on
This configures iptables to start whenever the system is booted into runlevel 3, 4, or 5.
18.3.1. IPTables Command Syntax
The following sample iptables command illustrates the basic command syntax:
[root@myServer ~ ] # iptables -A <chain> -j <target>
The -A option specifies that the rule be appended to <chain>. Each chain is comprised of one or more rules, and is therefore also known as a ruleset.
The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The chain specifies the point at which a packet is manipulated.
The -j <target> option specifies the target of the rule; i.e., what to do if the packet matches the rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.
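The following script is an added example, not part of the Red Hat guide: it builds a minimal stateful INPUT ruleset from nothing but `-A <chain> -j <target>` rules of the form shown above, using all three built-in targets. The IPT_DRY_RUN switch, the function names, and the choice of allowed services (SSH and ping) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide: a minimal stateful INPUT
# ruleset built only from "-A <chain> -j <target>" rules, showing the
# three built-in targets ACCEPT, DROP and REJECT. IPT_DRY_RUN is a
# hypothetical switch of this script: when set to 1 the commands are
# printed instead of executed, so the ruleset can be reviewed as a
# non-root user before it is applied.

# ipt: run one iptables command, or print it when IPT_DRY_RUN=1.
ipt() {
    if [ "${IPT_DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# build_input_rules: flush INPUT, set a default-deny policy, then append
# rules in order. Order matters: the first matching rule wins, so the
# broad ESTABLISHED,RELATED accept precedes the narrow service rules,
# and the catch-all REJECT is appended last.
build_input_rules() {
    ipt -F INPUT                       # start from an empty chain
    ipt -P INPUT DROP                  # policy used when no rule matches
    ipt -A INPUT -i lo -j ACCEPT       # loopback traffic
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP            # untracked/malformed
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT   # SSH
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT         # ping
    ipt -A INPUT -j REJECT --reject-with icmp-host-prohibited  # explicit refusal
}

# preview_input_rules: print the exact commands build_input_rules would run.
preview_input_rules() {
    ( IPT_DRY_RUN=1; build_input_rules )
}

# count_append_rules: number of -A rules the ruleset appends to INPUT.
count_append_rules() {
    preview_input_rules | grep -c -- '-A INPUT '
}

case "${1:-}" in
    apply)   build_input_rules ;;      # run as root on the firewall host
    preview) preview_input_rules ;;    # safe to run as any user
esac
```

Run `sh script.sh preview` to inspect the commands; after `sh script.sh apply` as root on a Red Hat system, `service iptables save` writes the running rules to /etc/sysconfig/iptables so they survive a reboot.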
Refer to the iptables man page for more information on the available chains, options, and targets.