48.8.3. Using IPTables
The first step in using
iptablesis to start the
iptablesservice. Use the following command to start the
service iptables start
ip6tablesservice can be turned off if you intend to use the
iptablesservice only. If you deactivate the
ip6tablesservice, remember to deactivate the IPv6 network also. Never leave a network device active without the matching firewall.
iptablesto start by default when the system is booted, use the following command:
chkconfig --level 345 iptables on
iptablesto start whenever the system is booted into runlevel 3, 4, or 5.
22.214.171.124. IPTables Command Syntax
The following sample
iptablescommand illustrates the basic command syntax:
iptables -A <chain> -j <target>
-Aoption specifies that the rule be appended to <chain>. Each chain is comprised of one or more rules, and is therefore also known as a ruleset.
The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The chain specifies the point at which a packet is manipulated.
-j <target>option specifies the target of the rule; i.e., what to do if the packet matches the rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.
Refer to the
iptablesman page for more information on the available chains, options, and targets.