2.8.3. Using IPTables
The first step in using iptables is to start the iptables service. Use the following command as the root user to start the iptables service:
~]# service iptables restart
iptables: Applying firewall rules: [ OK ]
Note
The ip6tables service can be turned off if you intend to use the iptables service only. If you deactivate the ip6tables service, remember to deactivate the IPv6 network also. Never leave a network device active without the matching firewall.
To force iptables to start by default when the system is booted, use the following command as the root user:
~]# chkconfig --level 345 iptables on
This forces iptables to start whenever the system is booted into runlevel 3, 4, or 5.
2.8.3.1. IPTables Command Syntax
The following sample iptables command illustrates the basic command syntax:
iptables -A <chain> -j <target>
The -A option specifies that the rule be appended to <chain>. Each chain is comprised of one or more rules, and is therefore also known as a ruleset.
The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The chain specifies the point at which a packet is manipulated.
The -j <target> option specifies the target of the rule; i.e., what to do if the packet matches the rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.
Refer to the iptables man page for more information on the available chains, options, and targets.
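The following script is an added example, not part of the original Red Hat documentation. It builds commands of the form iptables -A <chain> -j <target> for the INPUT chain and goes beyond the syntax above by adding match options (-i, -m state, -p/--dport). The helper names append_rule and build_input_ruleset and the DRY_RUN variable are hypothetical; with DRY_RUN=1 (the default) the commands are only printed.

```shell
#!/bin/sh
# Added example, not from the original page. append_rule and build_input_ruleset
# are hypothetical helper names. DRY_RUN=1 (default) prints each command;
# DRY_RUN=0 runs it and needs root.
DRY_RUN="${DRY_RUN:-1}"

# append_rule <chain> <target> [match options...]
# Emits: iptables -A <chain> [match options...] -j <target>
append_rule() {
    [ $# -ge 2 ] || { echo "usage: append_rule <chain> <target> [match...]" >&2; return 1; }
    chain=$1
    target=$2
    shift 2
    # Only the three built-in chains named in this section are accepted.
    case "$chain" in
        INPUT|OUTPUT|FORWARD) ;;
        *) echo "not a built-in chain: $chain" >&2; return 1 ;;
    esac
    # Only the built-in targets named in this section are accepted.
    case "$target" in
        ACCEPT|DROP|REJECT) ;;
        *) echo "unsupported target: $target" >&2; return 1 ;;
    esac
    # Rebuild the argument list as the full command line.
    set -- iptables -A "$chain" "$@" -j "$target"
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Rules in a chain are checked in the order they were appended, so the
# specific ACCEPT rules come first and the catch-all DROP is appended last.
build_input_ruleset() {
    append_rule INPUT ACCEPT -i lo &&
    append_rule INPUT ACCEPT -m state --state ESTABLISHED,RELATED &&
    append_rule INPUT ACCEPT -p tcp --dport 22 &&
    append_rule INPUT DROP
}

build_input_ruleset
```

Review the printed commands before running the script with DRY_RUN=0, because -A appends to whatever rules the chain already holds.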
